Action describes a request to the API server.

ClusterPolicy is a object that holds all the ClusterRoles for a particular namespace.

ClusterPolicyBinding is a object that holds all the ClusterRoleBindings for a particular namespace.

ClusterPolicyBindingList is a collection of ClusterPolicyBindings.

ClusterPolicyList is a collection of ClusterPolicies.

ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.

ClusterRoleBinding references a ClusterRole, but not contain it.

ClusterRoleBindingList is a collection of ClusterRoleBindings.

ClusterRoleList is a collection of ClusterRoles.

GroupRestriction matches a group either by a string match on the group name or a label selector applied to group labels.

IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed.

LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace.

LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace.

NamedClusterRole relates a name with a cluster role.

NamedClusterRoleBinding relates a name with a cluster role binding.

NamedRole relates a Role with a name.

NamedRoleBinding relates a role binding with a name.

Policy is a object that holds all the Roles for a particular namespace.

PolicyBinding is a object that holds all the RoleBindings for a particular namespace.

PolicyBindingList is a collection of PolicyBindings.

PolicyList is a collection of Policies.

PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec.

ResourceAccessReviewResponse describes who can perform the action.

Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.

RoleBinding references a Role, but not contain it.

RoleBindingList is a collection of RoleBindings.

RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs.

RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.

RoleBindingRestrictionSpec defines a rolebinding restriction.

RoleList is a collection of Roles.

SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace.

SelfSubjectRulesReviewSpec adds information about how to conduct the check.

ServiceAccountReference specifies a service account and namespace by their names.

ServiceAccountRestriction matches a service account by a string match on either the service-account name or the name of the service account's namespace.

SubjectAccessReview is an object for requesting information about whether a user or group can perform an action.

SubjectAccessReviewResponse describes whether or not a user or group can perform an action.

SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace.

SubjectRulesReviewSpec adds information about how to conduct the check.

SubjectRulesReviewStatus is contains the result of a rules check.

UserRestriction matches a user either by a string match on the user name, a string match on the name of a group to which the user belongs, or a label selector applied to the user labels.

OptionalNames is an array that may also be left nil to distinguish between set and unset.

OptionalScopes is an array that may also be left nil to distinguish between set and unset.