How to change a users cluster-permissions with custom RBAC

How to add a new user to your cluster and change its cluster-permissions with custom RBAC-rules

If you want to give a user access to your cluster, you must first add the user to your organisation. Refer to Invite a user to an organisation.

By default, some organisation roles already have clusterRoles assigned to them, as you can see in the table below. However, if you want to give a user with a certain role extra permissions within your cluster, you can do so by adding custom RBAC-rules.

Role	Kubernetes RBAC clusterRoleBinding
Admin	`cluster-admin`
Developer	`edit`
Viewer	`view`
Console viewer	`-`

Adding custom RBAC-rules

Now that the user has been added to your organisation, the user is able to connect to a cluster using kubectl. You can add a custom clusterRoleBinding resource to assign additional permissions for the user within the cluster.

Customize the example below and apply it with kubectl apply, alternatively you can add it to your git-repository and deploy is using GitOps through Fluxcd or other Continuous deployment tooling continuous deployment.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ame:user-admin-accounts
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: <username_of_the_newly_added_user>

How to change a users cluster-permissions with custom RBAC

Adding custom RBAC-rules

On this page