--- api_metadata: apiVersion: "rbac.authorization.k8s.io/v1" import: "k8s.io/api/rbac/v1" kind: "Role" content_type: "api_reference" description: "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding." title: "Role" weight: 7 auto_generated: true --- `apiVersion: rbac.authorization.k8s.io/v1` `import "k8s.io/api/rbac/v1"` ## Role {#Role} Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

- **apiVersion**: rbac.authorization.k8s.io/v1 - **kind**: Role - **metadata** (}}">ObjectMeta) Standard object's metadata. - **rules** ([]PolicyRule) Rules holds all the PolicyRules for this Role *PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.* - **rules.apiGroups** ([]string) APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - **rules.resources** ([]string) Resources is a list of resources this rule applies to. '*' represents all resources. - **rules.verbs** ([]string), required Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - **rules.resourceNames** ([]string) ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - **rules.nonResourceURLs** ([]string) NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. ## RoleList {#RoleList} RoleList is a collection of Roles

- **apiVersion**: rbac.authorization.k8s.io/v1 - **kind**: RoleList - **metadata** (}}">ListMeta) Standard object's metadata. - **items** ([]}}">Role), required Items is a list of Roles ## Operations {#Operations}

### `get` read the specified Role #### HTTP Request GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name} #### Parameters - **name** (*in path*): string, required name of the Role - **namespace** (*in path*): string, required }}">namespace - **pretty** (*in query*): string }}">pretty #### Response 200 (}}">Role): OK 401: Unauthorized ### `list` list or watch objects of kind Role #### HTTP Request GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles #### Parameters - **namespace** (*in path*): string, required }}">namespace - **allowWatchBookmarks** (*in query*): boolean }}">allowWatchBookmarks - **continue** (*in query*): string }}">continue - **fieldSelector** (*in query*): string }}">fieldSelector - **labelSelector** (*in query*): string }}">labelSelector - **limit** (*in query*): integer }}">limit - **pretty** (*in query*): string }}">pretty - **resourceVersion** (*in query*): string }}">resourceVersion - **resourceVersionMatch** (*in query*): string }}">resourceVersionMatch - **timeoutSeconds** (*in query*): integer }}">timeoutSeconds - **watch** (*in query*): boolean }}">watch #### Response 200 (}}">RoleList): OK 401: Unauthorized ### `list` list or watch objects of kind Role #### HTTP Request GET /apis/rbac.authorization.k8s.io/v1/roles #### Parameters - **allowWatchBookmarks** (*in query*): boolean }}">allowWatchBookmarks - **continue** (*in query*): string }}">continue - **fieldSelector** (*in query*): string }}">fieldSelector - **labelSelector** (*in query*): string }}">labelSelector - **limit** (*in query*): integer }}">limit - **pretty** (*in query*): string }}">pretty - **resourceVersion** (*in query*): string }}">resourceVersion - **resourceVersionMatch** (*in query*): string }}">resourceVersionMatch - **timeoutSeconds** (*in query*): integer }}">timeoutSeconds - **watch** (*in query*): boolean }}">watch #### Response 200 (}}">RoleList): OK 401: Unauthorized ### `create` create a Role #### HTTP Request POST /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles #### Parameters - **namespace** (*in path*): string, required }}">namespace - **body**: }}">Role, required - **dryRun** (*in query*): string }}">dryRun - **fieldManager** (*in query*): string }}">fieldManager - **fieldValidation** (*in query*): string }}">fieldValidation - **pretty** (*in query*): string }}">pretty #### Response 200 (}}">Role): OK 201 (}}">Role): Created 202 (}}">Role): Accepted 401: Unauthorized ### `update` replace the specified Role #### HTTP Request PUT /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name} #### Parameters - **name** (*in path*): string, required name of the Role - **namespace** (*in path*): string, required }}">namespace - **body**: }}">Role, required - **dryRun** (*in query*): string }}">dryRun - **fieldManager** (*in query*): string }}">fieldManager - **fieldValidation** (*in query*): string }}">fieldValidation - **pretty** (*in query*): string }}">pretty #### Response 200 (}}">Role): OK 201 (}}">Role): Created 401: Unauthorized ### `patch` partially update the specified Role #### HTTP Request PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name} #### Parameters - **name** (*in path*): string, required name of the Role - **namespace** (*in path*): string, required }}">namespace - **body**: }}">Patch, required - **dryRun** (*in query*): string }}">dryRun - **fieldManager** (*in query*): string }}">fieldManager - **fieldValidation** (*in query*): string }}">fieldValidation - **force** (*in query*): boolean }}">force - **pretty** (*in query*): string }}">pretty #### Response 200 (}}">Role): OK 201 (}}">Role): Created 401: Unauthorized ### `delete` delete a Role #### HTTP Request DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name} #### Parameters - **name** (*in path*): string, required name of the Role - **namespace** (*in path*): string, required }}">namespace - **body**: }}">DeleteOptions - **dryRun** (*in query*): string }}">dryRun - **gracePeriodSeconds** (*in query*): integer }}">gracePeriodSeconds - **pretty** (*in query*): string }}">pretty - **propagationPolicy** (*in query*): string }}">propagationPolicy #### Response 200 (}}">Status): OK 202 (}}">Status): Accepted 401: Unauthorized ### `deletecollection` delete collection of Role #### HTTP Request DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles #### Parameters - **namespace** (*in path*): string, required }}">namespace - **body**: }}">DeleteOptions - **continue** (*in query*): string }}">continue - **dryRun** (*in query*): string }}">dryRun - **fieldSelector** (*in query*): string }}">fieldSelector - **gracePeriodSeconds** (*in query*): integer }}">gracePeriodSeconds - **labelSelector** (*in query*): string }}">labelSelector - **limit** (*in query*): integer }}">limit - **pretty** (*in query*): string }}">pretty - **propagationPolicy** (*in query*): string }}">propagationPolicy - **resourceVersion** (*in query*): string }}">resourceVersion - **resourceVersionMatch** (*in query*): string }}">resourceVersionMatch - **timeoutSeconds** (*in query*): integer }}">timeoutSeconds #### Response 200 (}}">Status): OK 401: Unauthorized