← 返回命令列表

Linux command

rbac-lookup 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Find roles for user

rbac-lookup [user@example.com]

Find roles for service account

rbac-lookup [service-account-name] --kind serviceaccount

Find roles for group

rbac-lookup [group-name] --kind group

Output wide format

rbac-lookup [subject] -o wide

Search in namespace

rbac-lookup [subject] -n [namespace]

All bindings for subject

rbac-lookup [subject] --all-namespaces

说明

rbac-lookup queries a Kubernetes cluster to find all RBAC role bindings associated with a given subject, answering the question "what permissions does this user, group, or service account have?" It searches both ClusterRoleBindings and namespace-scoped RoleBindings to provide a complete picture of a subject's access across the cluster. The tool supports lookups by user identity, group membership, and service account name via the --kind flag. Wide output format (-o wide) displays detailed binding information including the namespace, role type, and source binding for each permission grant. This makes it particularly useful for security audits and troubleshooting access issues in clusters with complex RBAC configurations.

参数

--kind _TYPE_
Subject kind (user, group, serviceaccount).
-n, --namespace _NS_
Namespace to search.
-A, --all-namespaces
All namespaces.
-o, --output _FORMAT_
Output format.
--gke
GKE-specific mode.
-k, --kubeconfig _FILE_
Kubeconfig file.

FAQ

What is the rbac-lookup command used for?

rbac-lookup queries a Kubernetes cluster to find all RBAC role bindings associated with a given subject, answering the question "what permissions does this user, group, or service account have?" It searches both ClusterRoleBindings and namespace-scoped RoleBindings to provide a complete picture of a subject's access across the cluster. The tool supports lookups by user identity, group membership, and service account name via the --kind flag. Wide output format (-o wide) displays detailed binding information including the namespace, role type, and source binding for each permission grant. This makes it particularly useful for security audits and troubleshooting access issues in clusters with complex RBAC configurations.

How do I run a basic rbac-lookup example?

Run `rbac-lookup [user@example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does --kind _TYPE_ do in rbac-lookup?

Subject kind (user, group, serviceaccount).