This page documents Kowl Business exclusive features.
A role binding grants the permissions defined in a role to a user or set of users. It holds a list of subjects (users or groups) and a reference to the role being granted. Optionally you can add metadata (key-value pairs) which may help you to manage your role bindings.
# Role Bindings are used to attach roles to single users or groups of users roleBindings: - metadata: # Metadata properties will be shown in the UI. You can omit it if you want to name: Developers creator: John Doe subjects: # You can specify all groups or users from different providers here which shall be bound to the same role - kind: group provider: Google name: firstname.lastname@example.org roleName: developer
This role binding binds all Google accounts which are a member of
email@example.com to the role named
developer. You can find a reference config for role bindings here.
In order to use groups for role bindings you need configure the RBAC Sync on Groups.
Users which have multiple roles assigned through role bindings will inherit the union of these roles' permissions.
Supported kinds are:
user. In the future there might be a third kind
Supported providers are:
Depending on your
name property may refer to different things. This is an overview to what it refers for every possible case:
||Google E-Mail address|
||GitHub||Login handle / GitHub username|
||Okta||Login handle / email|
||Google Group Name (which is an E-Mail address)|
||GitHub||GitHub team name within your GitHub organization|
||Okta||Okta Group ID (not name), e.g. "00gra1ajmZa1G1ks04x9"|