You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/reference/access-authn-authz/rbac.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -281,7 +281,8 @@ rules:
281
281
{{< note >}}
282
282
You cannot restrict `create` or `deletecollection` requests by their resource name.
283
283
For `create`, this limitation is because the name of the new object may not be known at authorization time.
284
-
If you restrict `list` or `watch` by resourceName, then the only way that a client including kubectl can perform that `list` or `watch` is by specifying a field selector that matches on metadata.name.
284
+
If you restrict `list` or `watch` by resourceName, clients must include a `metadata.name` field selector in their `list` or `watch` request that matches the specified resourceName in order to be authorized.
285
+
For example, `kubectl get configmaps --field-selector=metadata.name=my-configmap`
0 commit comments