Role Bindings

:loudspeaker: This page documents Kowl Business exclusive features.

Role Bindings

A role binding grants the permissions defined in a role to a user or set of users. It holds a list of subjects (users or groups) and a reference to the role being granted. Optionally you can add metadata (key-value pairs) which may help you to manage your role bindings.


# Role Bindings are used to attach roles to single users or groups of users
  - metadata:
      # Metadata properties will be shown in the UI. You can omit it if you want to
      name: Developers
      creator: John Doe
      # You can specify all groups or users from different providers here which shall be bound to the same role
      - kind: group
        provider: Google
    roleName: developer

This role binding binds all Google accounts which are a member of to the role named developer. You can find a reference config for role bindings here.

:triangular_flag_on_post: In order to use groups for role bindings you need configure the RBAC Sync on Groups.

:triangular_flag_on_post: Users which have multiple roles assigned through role bindings will inherit the union of these roles' permissions.



Supported kinds are: group and user. In the future there might be a third kind serviceAccount.


Supported providers are: Google, GitHub and Okta.


Depending on your kind and provider the name property may refer to different things. This is an overview to what it refers for every possible case:


Kind Provider Name Reference
user Google Google E-Mail address
group Google Google Group Name (which is an E-Mail address)


Kind Provider Name Reference
user GitHub Login handle / GitHub username
group GitHub GitHub team name within your GitHub organization


Kind Provider Name Reference
user Okta Login handle / email
group Okta Okta Group ID (not name), e.g. "00gra1ajmZa1G1ks04x9"