StringSubjectsFor returns users and groups for comparison against user.Info.

SubjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.

Synthetic authorization endpoints.

Synthetic authorization endpoints.

EscalatingResourcesGroupName contains all resources that can be used to escalate privileges when simply viewed.

KubeExposedGroupName includes resources that are commonly viewed and modified by end users of the system.

KubeInternalsGroupName includes those resources that should reasonably be viewable to end users, but that most users should probably not modify.

Synthetic authorization endpoints.

Synthetic authorization endpoints.

Synthetic authorization endpoints.

NonEscalatingResourcesGroupName contains all resources that can be viewed without exposing the risk of using view rights to locate a secret to escalate privileges.

OpenshiftExposedGroupName includes resources that are commonly viewed and modified by end users of the system.

PermissionGrantingGroupName includes resources that are necessary to maintain authorization roles and bindings.

PolicyName is the name of Policy.

PolicyOwnerGroupName includes the physical resources behind the PermissionGrantingGroupName.

ResourceGroupPrefix is the prefix for indicating that a resource entry is actually a group of resources.

Synthetic authorization endpoints.

ClusterPolicy is a object that holds all the ClusterRoles for a particular namespace.

ClusterPolicyBinding is a object that holds all the ClusterRoleBindings for a particular namespace.

ClusterPolicyBindingList is a collection of ClusterPolicyBindings.

ClusterPolicyList is a collection of ClusterPolicies.

ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.

ClusterRoleBinding references a ClusterRole, but not contain it.

ClusterRoleBindingList is a collection of ClusterRoleBindings.

ClusterRoleList is a collection of ClusterRoles.

IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed.

LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace.

LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace.

Policy is a object that holds all the Roles for a particular namespace.

PolicyBinding is a object that holds all the RoleBindings for a particular namespace.

PolicyBindingList is a collection of PolicyBindings.

PolicyList is a collection of Policies.

PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec.

ResourceAccessReviewResponse describes who can perform the action.

Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.

RoleBinding references a Role, but not contain it.

RoleBindingList is a collection of RoleBindings.

RoleList is a collection of Roles.

SubjectAccessReview is an object for requesting information about whether a user or group can perform an action.

SubjectAccessReviewResponse describes whether or not a user or group can perform an action.