Static mock demo. This page uses a small bundled sample dataset. It does not connect to a cluster, run oc, or read local credentials.

User rhea-rehire No ID htpasswd-backed

Reach

Where this subject's permissions land. Cluster-wide grants reach every namespace; namespace-scoped grants are listed individually. Grants that come from auto-membership virtual groups (system:authenticated, system:authenticated:oauth, system:serviceaccounts, system:serviceaccounts:<ns>) are folded into the collapsible blocks below — they apply to every authenticated principal on the cluster, not to this subject specifically.

Cluster-wide via system virtual groups (1) — shared with every authenticated principal

Role	Via	Binding
view	Group/system:authenticated:oauth	ClusterRoleBinding/oauth-users-self-review

Effective permissions (1 path)

Each path is one (role, scope, group-membership) combination. Click Show rules to see the underlying API rules. 1 additional path via auto-membership virtual groups (system:authenticated et al.) is collapsed below — they grant the same access to every authenticated principal.

All paths come from auto-membership virtual groups — see the collapsible block below.

Paths via system virtual groups (1) — shared with every authenticated principal

Cluster-wide 1 rule

User rhea-rehire

member of

Group system:authenticated:oauth

bound by

ClusterRoleBinding oauth-users-self-review

grants

ClusterRole view

Verbs: getlistwatch Resources: podsservices API groups: core

API group	Resources	Verbs
core	pods, services	get, list, watch