How to list rolebindings for a given user
Article Number: 000020766
Situation
Need to list the roles bound for a given user
Resolution
Two options available for listing the rolebindings are to use kubectl to get the rolebindings or use a plugin such as rbac-lookup.
Kubectl Commands to get JSON output
Run the following where $USERID is the ID seen in the Rancher UI as u-xxxx :
$ kubectl get rolebinding,clusterrolebinding --all-namespaces -o jsonpath='{range .items[?(@.subjects[0].name=="$USERID")]}[{.roleRef.kind},{.roleRef.name}]{end}'
This should provide a list of all rolebindings associated with the $USERID in an output like the following:
[Role,user-global-catalog][Role,r-cluster-local-view][Role,project-member][Role,p-qq8hd-projectmember][Role,edit][Role,project-member][ClusterRole,cattle-globalrole-user][ClusterRole,project-member-promoted][ClusterRole,p-qq8hd-namespaces-edit][ClusterRole,create-ns][ClusterRole,local-clustermember][ClusterRole,u-dlns5-view]
3rd Party Plugin: rback-lookup
The rbac-lookup plugin can be installed using a plugin manager like krew.
NOTE: This pugin is not created or maintaiened by us and so is not supported. This is provided as an exampe only and your mileage may vary so use at your descretion.
See related sites:
https://github.com/FairwindsOps/rbac-lookup
https://rbac-lookup.docs.fairwinds.com/usage/#flags-supported
https://github.com/kubernetes-sigs/krew
https://krew.sigs.k8s.io/
Once installed the plugin can be run to retrieve roles as seen in the following example (where u-x is the Rancher user ID):
root@box:~# kubectl rbac-lookup u-x
SUBJECT SCOPE ROLE
u-x cattle-global-data Role/user-global-catalog
u-x c-m-zbsdgsk9 Role/p-x5msl-projectmember
u-x c-m-zbsdgsk9 Role/project-member
u-x p-x5msl Role/project-member
u-x p-x5msl Role/edit
u-x fleet-default Role/r-cluster-quickstart-do-custom-view
u-x cluster-wide ClusterRole/u-3uvr4kfrim-view
u-x cluster-wide ClusterRole/cattle-globalrole-user
u-x cluster-wide ClusterRole/c-m-zbsdgsk9-clustermember