AccessBindings is an assignment of roles to a set of users or teams
to access resources. The user or team information is obtained from
an user directory (such an LDAP server or an external OIDC server)
that should have been configured as part of Service Bridge installation.
Note that an
AccessBinding can be created or modified only by users
SET_POLICY permission on the target resource.
The following example assigns the
workspace-admin role to users
bob, and members of the
t1 team for the workspace
owned by the tenant
Use fully-qualified name (fqn) when specifying the target resource, as well as for the users and teams.
apiVersion: rbac.tsb.tetrate.io/v2 kind: AccessBindings metadata: fqn: organizations/myorg/tenants/mycompany/workspaces/w1 spec: allow: - role: rbac/workspace-admin subjects: - user: organizations/myorg/users/alice - user: organizations/myorg/users/bob - team: organizations/myorg/teams/t1
AccessBindings assigns permissions to users of any TSB resource.
List of tetrateio.api.tsb.rbac.v2.Binding