Roles and Role Bindings in RBAC

2nd chunk of `content/en/blog/_posts/2017-04-00-Rbac-Support-In-Kubernetes.md`

2ecf9ae8fedace789892fc918843ead0b9768e0a4ec50b3b00000001000003af

![](https://1.bp.blogspot.com/-v6KLs1tT_xI/WOa0anGP4sI/AAAAAAAABBo/KIgYfp8PjusuykUVTfgu9-2uKj_wXo4lwCLcB/s400/rbac1.png)](https://1.bp.blogspot.com/-v6KLs1tT_xI/WOa0anGP4sI/AAAAAAAABBo/KIgYfp8PjusuykUVTfgu9-2uKj_wXo4lwCLcB/s1600/rbac1.png)



The connection between user and resources is defined in RBAC using two objects.  

**Roles**  
A Role is a collection of permissions. For example, a role could be defined to include read permission on pods and list permission for pods. A ClusterRole is just like a Role, but can be used anywhere in the cluster.  

**Role Bindings**  
A RoleBinding maps a Role to a user or set of users, granting that Role's permissions to those users for resources in that namespace. A ClusterRoleBinding allows users to be granted a ClusterRole for authorization across the entire cluster.  


[![](https://1.bp.blogspot.com/-ixDe91-cnqw/WOa0auxC0mI/AAAAAAAABBs/4LxVsr6shEgTYqUapt5QPISUeuTuztVwwCEw/s640/rbac2.png)

Title: Roles and Role Bindings in RBAC

Summary

RBAC defines the connection between users and resources using Roles and Role Bindings. A Role is a set of permissions (e.g., read and list pods), while a ClusterRole is similar but applies cluster-wide. A RoleBinding maps a Role to users, granting the specified permissions within a namespace. A ClusterRoleBinding grants a ClusterRole to users for authorization across the entire cluster.