If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
Role Bindings, or Role Based Access Control (RBAC), contain the mapping of user, group, or service account to a role.
The following roles can be used.
Role Bindings and Security Context Constraint are similar in that they both are access control mechanisms.
The oc adm policy command can be used to:
The oc get rolebindings command can be used to:
The -A or --all-namespaces flag can be used to list the Role Bindings in every namespace.
The -n or --namespace flag can be used to list the Role Bindings in a certain namespace.
In this example, one or more Users, Groups or Service Accounts have been appended to the default basic-user Role Binding.
The Role Bindings that begin with my-role are custom Role Bindings that have been created. Check out my article on using the oc create rolebinding or oc create clusterrolebinding to create a custom Role Binding.
Notice also there is a basic-user-0 Role Binding. When you add the first User, Group or Service Account to one of the system Role Bindings using the oc adm policy command, this will create the Role Binding in the currently selected namespace (basic-user in this example). If you then added a second User, Group or Service Account to the same Role Binding oc adm policy command and you do not use the --rolebinding-name option, this will create another Role Binding with -0 appended (basic-user-0 in this example).
~]$ oc get rolebindings NAME ROLE AGE basic-user ClusterRole/basic-user 8d basic-user-0 ClusterRole/basic-user 8d my-role-admins ClusterRole/admin 10d my-role-cluster-admins ClusterRole/cluster-admin 10d my-role-cluster-status ClusterRole/cluster-status 10d my-role-cluster-readers ClusterRole/cluster-reader 10d my-role-editors ClusterRole/edit 10d my-role-self-provisioners ClusterRole/self-provisioner 10d my-role-viewers ClusterRole/view 10d
The oc get clusterrolebindings command can be used to list the Cluster Role Bindings that have been created.
~]$ oc get clusterrolebindings NAME ROLE AGE basic-users ClusterRole/basic-user 10d cluster-admins ClusterRole/cluster-admin 10d view ClusterRole/view 10d
The oc describe rolebinding and oc describe clusterrolebinding commands can be used to list the Users, Groups and Service Accounts associated with the Role Binding.
~]$ oc describe rolebinding my-basic-users Name: my-basic-users Labels: <none> Annotations: <none> Role: Kind: RoleBinding Name: my-basic-users Subjects: Kind Name Namespace ---- ---- --------- User john.doe Group openshift_admins ServiceAccount my-service-account