Skip to main content
Version: 1.5.x

Policy Bindings

Binding

A binding associates a role with a set of subjects.

Bindings are used to configure policies, where different roles can be assigned to different sets of subjects to configure a fine-grained access control to the resource protected by the policy.

FieldDescriptionValidation Rule

role

string
REQUIRED
The role that defines the permissions that will be granted to the target resource.

string = {
  min_len: 1
}

subjects

List of tetrateio.api.tsb.rbac.v2.Subject
The set of subjects that will be allowed to access the target resource with the permissions defined by the role.

Subject

Subject identifies a user or a team under an organization. Roles are assigned to subjects for specific resources in the system.

FieldDescriptionValidation Rule

user

string
A user in TSB, created through LDAP sync or API. Must use the fully-qualified name (fqn) of the user. E.g. organization/myorg/users/alice

team

string
A team in TSB, created through LDAP sync or API. Must use the fully-qualified name (fqn) of the team. E.g. organization/myorg/teams/t1

serviceAccount

string
A service account in TSB. Must use the fully-qualified name (fqn) of the service account. E.g. organization/myorg/serviceaccounts/sa1