v1.SelfSubjectAccessReview
Description
SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action
Object Schema
Expand or mouse-over a field for more information about it.
apiVersion:kind:metadata:
annotations:
[string]:clusterName:creationTimestamp:deletionGracePeriodSeconds:deletionTimestamp:finalizers:
- [string]:generateName:generation:initializers:
pending:
- name:result:
apiVersion:code:details:
causes:
- field:message:reason:group:kind:name:retryAfterSeconds:uid:kind:message:metadata:
continue:resourceVersion:selfLink:reason:status:labels:
[string]:name:namespace:ownerReferences:
- apiVersion:blockOwnerDeletion:controller:kind:name:uid:resourceVersion:selfLink:uid:spec:
nonResourceAttributes:
path:verb:resourceAttributes:
group:name:namespace:resource:subresource:verb:version:status:
allowed:denied:evaluationError:reason:
Operations
Create a SelfSubjectAccessReview
Create a SelfSubjectAccessReview
HTTP request
POST /apis/authorization.k8s.io/v1/selfsubjectaccessreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'
{
"kind": "SelfSubjectAccessReview",
"apiVersion": "authorization.k8s.io/v1",
...
}
Curl request
$ curl -k \
-X POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
https://$ENDPOINT/apis/authorization.k8s.io/v1/selfsubjectaccessreviews <<'EOF'
{
"kind": "SelfSubjectAccessReview",
"apiVersion": "authorization.k8s.io/v1",
...
}
EOF