github.com/oam-dev/kubevela@v1.9.11/docs/examples/rbac/rbac.md (about) 1 # RBAC 2 3 User: 4 5 ```yaml 6 name: user 7 userRoles: ["app-developer"] 8 ... 9 ``` 10 11 ProjectUser: 12 13 ```yaml 14 username: user 15 project: demo 16 userRoles: ["app-developer"] 17 ``` 18 19 Role: 20 21 ```yaml 22 name: app-developer 23 project: demo 24 permissions: ["app-manage"] 25 ``` 26 27 ```yaml 28 name: admin 29 permissions: ["all"] 30 ``` 31 32 Permission: 33 34 ```yaml 35 name: app-manage 36 project: demo 37 resource: ["project:demo/application:*"] 38 actions: ["*"] 39 effect: Allow 40 principal: {} 41 condition: {} 42 ``` 43 44 ```yaml 45 name: app1-manage 46 project: demo 47 resource: ["project:demo/application:app1/*"] 48 actions: ["*"] 49 effect: Allow 50 principal: {} 51 condition: {} 52 53 name: app2-manage 54 project: demo 55 resource: ["project:demo/application:app2/*"] 56 actions: ["*"] 57 effect: Allow 58 principal: {} 59 condition: {} 60 ``` 61 62 ```yaml 63 name: cluster-manage 64 resource: ["cluster:*"] 65 actions: ["*"] 66 effect: Allow 67 principal: {} 68 condition: {} 69 ``` 70 71 ```yaml 72 name: cluster-beijing-manage 73 resource: ["cluster:beijing"] 74 actions: ["*"] 75 effect: Allow 76 principal: {} 77 condition: {} 78 ``` 79 80 ```yaml 81 name: all 82 resource: ["*"] 83 actions: ["*"] 84 effect: Allow 85 principal: {} 86 condition: {} 87 ``` 88 89 PermissionTemplate: 90 91 ```yaml 92 name: app-manage 93 resource: ["project:${projectName}/application:*"] 94 actions: ["*"] 95 level: project 96 effect: Allow 97 principal: {} 98 condition: {} 99 ``` 100 101 ```yaml 102 name: deny-delete-cluster 103 resource: ["cluster:*"] 104 actions: ["delete"] 105 level: platform 106 effect: Deny 107 ```