Static mock demo. This page uses a small bundled sample dataset. It does not connect to a cluster, run oc, or read local credentials.

Group engineers

Members (3)

Reach

Where this subject's permissions land. Cluster-wide grants reach every namespace; namespace-scoped grants are listed individually.

Per-namespace (2 namespaces)

Namespace	Role	Via	Binding
mine-platform	admin	direct	RoleBinding/admin-rb
mine-platform	admin	direct	RoleBinding/admin-rb-copy
payments-prod	read-secrets	direct	RoleBinding/secret-readers

Effective permissions (2 paths)

Each path is one (role, scope, group-membership) combination. Click Show rules to see the underlying API rules.

Namespace: mine-platform * wildcard 3 rules

Group engineers

bound by

RoleBinding admin-rb

grants

ClusterRole admin privileged

Verbs: *createdeletegetlistpatchupdatewatch Resources: configmapsdeploymentspodsrolebindingsrolessecrets API groups: apps, core, rbac.authorization.k8s.io

Aggregated from admin-workloads, admin-rbac

2 duplicate bindings admin-rb, admin-rb-copy

API group	Resources	Verbs	From
apps	deployments	*	admin-workloads
core	pods, secrets, configmaps	*	admin-workloads
rbac.authorization.k8s.io	roles, rolebindings	get, list, watch, create, update, patch, delete	admin-rbac

Namespace: payments-prod 1 rule

Group engineers

bound by

RoleBinding secret-readers

grants

Role read-secrets

Verbs: getlist Resources: secrets API groups: core

API group	Resources	Verbs
core	secrets	get, list