API Access Bindings
APInAccessBindings
is an assignment of roles to a set of users or
teams to access API resources. The user or team
information is obtained from an LDAP server that should have been
configured as part of Service Bridge installation. Note that a
APIAccessBinding
can be created or modified only by users who
have set_rbac
permission on the API resource.
The following example assigns the api-admin
role to users
alice
, bob
, and members of the t1
team for the APIs openapi
in the application app
owned by the tenant mycompany
.
Use fully-qualified name (fqn) when specifying user and team
apiVersion: rbac.tsb.tetrate.io/v2
kind: APIAccessBindings
metadata:
organization: myorg
tenant: mycompany
application: app
api: openapi
spec:
allow:
- role: rbac/api-admin
subjects:
- user: organization/myorg/users/alice
- user: organization/myorg/users/bob
- team: organization/myorg/teams/t1
APInAccessBindings
APInAccessBindings
assigns permissions to users of APIs.
Field | Description | Validation Rule |
allow | List of tetrateio.api.tsb.rbac.v2.Binding | – |