Skip to main content



The following questions need to be addressed:

- Who is allowed to create clusterroles/roles and bindings?

- Should only one person be responsible for this, or e.g. someone for clusterroles, someone else for roles and again someone else for the respective bindings?

- Which clusterroles should there be?

- Which Roles should there be?

- Which naming convention makes sense?

- What is not covered by RBAC?

- How are elements not covered by RBAC handled?