User Role Class
A UserRoleClass defines a user role in the system. A UserRoleClass maps to native Kubernetes role-based access control, which regulates access to resources and API groups based on policies. A UserRoleClass holds a set of rules that utilize the PolicyRule specification provided by Kubernetes. System administrators can refer to this article for more information.
Examples
Data Scientist, Business Analyst
Relationships to Other Resources
A UserRoleClass is assigned to an Account
UserRoleClass API Reference
UserRoleClass specify the RBAC premission for a specific user role.
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | catalog.modela.ai/v1alpha1 | true |
| kind | string | UserRoleClass | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
UserRoleClassSpec is the spec for UserRoleClass |
true |
UserRoleClass.spec
UserRoleClassSpec is the spec for UserRoleClass
| Name | Type | Description | Required |
|---|---|---|---|
| rules | []object |
|
false |
UserRoleClass.spec.rules[index]
PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
| Name | Type | Description | Required |
|---|---|---|---|
| verbs | []string |
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. '*' represents all verbs. |
true |
| apiGroups | []string |
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. |
false |
| nonResourceURLs | []string |
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. |
false |
| resourceNames | []string |
ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. |
false |
| resources | []string |
Resources is a list of resources this rule applies to. '*' represents all resources. |
false |
Feedback
Was this page helpful?
Glad to hear it!
Sorry to hear that.