# ClusterRole "basic-user" with two local customizations, both marked inline:
# one resource added to the first rule and one rule commented out.
# NOTE(review): `attributeRestrictions` together with `apiVersion: v1` on a
# ClusterRole looks like the legacy OpenShift authorization API rather than
# rbac.authorization.k8s.io - confirm the target cluster accepts this schema.
apiVersion: v1
kind: ClusterRole
metadata:
  name: basic-user
rules:
# Rule 1: `get` only, limited by resourceNames to the single name "~".
# resourceNames applies to every entry under `resources` in this rule, so the
# added `groups` entry is limited to an object named "~" as well.
# NOTE(review): "~" is presumably the self-reference for the requesting user;
# confirm it has any meaning for groups, otherwise the addition grants nothing
# useful. If wider group read is intended it needs its own rule, and group
# membership then becomes readable by every subject bound to this role.
- apiGroups: null
  attributeRestrictions: null
  resourceNames:
  - "~"
  resources:
  - users
  # add an extra resource permission:
  - groups
  verbs:
  - get
# remove a default permission: the rule below is commented out, so this
# definition does not grant `list` on projectrequests.
# NOTE(review): confirm that whatever applies or reconciles this role does not
# add the default rule back; check the live role after the change is applied.
# - apiGroups: null
#   attributeRestrictions: null
#   resources:
#   - projectrequests
#   verbs:
#   - list
# Rule 2: read-only (`get`, `list`) access to clusterroles, with no
# resourceNames limit, so every cluster role definition is readable.
- apiGroups: null
  attributeRestrictions: null
  resources:
  - clusterroles
  verbs:
  - get
  - list
# Rule 3: `list` and `watch` on projects.
- apiGroups: null
  attributeRestrictions: null
  resources:
  - projects
  verbs:
  - list
  - watch
# Rule 4: `create` on both access-review resources. This is the only rule
# with a non-null attributeRestrictions (kind IsPersonalSubjectAccessReview).
# NOTE(review): presumably this limits reviews to the caller's own access;
# setting it to null, or converting to a schema without this field, would
# drop that limit - verify before changing or migrating this rule.
- apiGroups: null
  attributeRestrictions:
    apiVersion: v1
    kind: IsPersonalSubjectAccessReview
  resources:
  - localsubjectaccessreviews
  - subjectaccessreviews
  verbs:
  - create
# Rule 5: `create` on selfsubjectrulesreviews.
- apiGroups: null
  attributeRestrictions: null
  resources:
  - selfsubjectrulesreviews
  verbs:
  - create