
Access control based on Kubernetes RBAC #12

@ahmedwaleedmalik


Summary

Implement access control in the dashboard that respects Kubernetes RBAC. Users should only see and interact with resources they have permission to access based on their K8s roles.

Requirements

  • Dashboard respects the authenticated user's K8s RBAC permissions
  • Resources the user cannot access are hidden or show appropriate "forbidden" state
  • No client-side workarounds — the API sidecar should forward requests with the user's identity, and K8s API enforces RBAC
  • Graceful handling of 403 responses from K8s API

Tasks

  • Forward authenticated user's token/identity to K8s API requests (depends on Auth issue)
  • Handle 403 responses in frontend (per-resource and per-page)
  • Add RBAC-aware UI: hide nav items or show "no access" for forbidden resources
  • SelfSubjectAccessReview integration to pre-check permissions where needed
  • Test with different role configurations (admin, read-only, namespace-scoped)
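The pre-check and forwarding path sketched in the tasks above, as an added example (not code from this project): a Go sidecar that submits a SelfSubjectAccessReview with the dashboard user's own bearer token and relays resource requests to the API server with that same token, so RBAC decisions are made by Kubernetes and a 403 is turned into a compact "forbidden" state for the frontend. It uses only the standard library; the API server URL, the `Authorization: Bearer` header as the carrier of the user's identity, and the `{"state":"forbidden","path":...}` response shape are assumptions of this example, not decisions the issue has made.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// ResourceAttributes mirrors spec.resourceAttributes of an
// authorization.k8s.io/v1 SelfSubjectAccessReview.
type ResourceAttributes struct {
	Namespace string `json:"namespace,omitempty"`
	Verb      string `json:"verb"`
	Group     string `json:"group,omitempty"`
	Resource  string `json:"resource"`
}

// selfSubjectAccessReview carries only the fields the dashboard needs.
type selfSubjectAccessReview struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Spec       struct {
		ResourceAttributes ResourceAttributes `json:"resourceAttributes"`
	} `json:"spec"`
	Status struct {
		Allowed bool   `json:"allowed"`
		Reason  string `json:"reason,omitempty"`
	} `json:"status,omitempty"`
}

// CanI asks the API server, authenticated as the dashboard user via userToken,
// whether that user may perform attrs.Verb on attrs.Resource. Submitting the
// review with the user's own token makes the answer reflect the user's RBAC
// bindings rather than the sidecar's service account.
func CanI(client *http.Client, apiServer, userToken string, attrs ResourceAttributes) (bool, string, error) {
	var review selfSubjectAccessReview
	review.APIVersion = "authorization.k8s.io/v1"
	review.Kind = "SelfSubjectAccessReview"
	review.Spec.ResourceAttributes = attrs
	body, _ := json.Marshal(review) // marshalling a plain struct cannot fail
	url := strings.TrimRight(apiServer, "/") + "/apis/authorization.k8s.io/v1/selfsubjectaccessreviews"
	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(body))
	if err != nil {
		return false, "", err
	}
	req.Header.Set("Authorization", "Bearer "+userToken)
	req.Header.Set("Content-Type", "application/json")
	resp, err := client.Do(req)
	if err != nil {
		return false, "", err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK, http.StatusCreated: // the API server answers a review POST with 201
	default: // includes 401: the user's token itself was rejected
		return false, "", fmt.Errorf("unexpected status %d from SelfSubjectAccessReview", resp.StatusCode)
	}
	if err := json.NewDecoder(resp.Body).Decode(&review); err != nil {
		return false, "", err
	}
	return review.Status.Allowed, review.Status.Reason, nil
}

// ForwardHandler relays a dashboard request to the API server with the caller's
// own bearer token, so Kubernetes enforces RBAC on every call. A 403 from the
// API server becomes a small JSON "forbidden" state the frontend can render per
// resource; every other status and body is passed through unchanged.
func ForwardHandler(client *http.Client, apiServer string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") {
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		upstream := strings.TrimRight(apiServer, "/") + r.URL.RequestURI()
		req, err := http.NewRequest(r.Method, upstream, r.Body)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadGateway)
			return
		}
		req.Header.Set("Authorization", auth) // the user's identity, never the sidecar's
		resp, err := client.Do(req)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		if resp.StatusCode == http.StatusForbidden {
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusForbidden)
			json.NewEncoder(w).Encode(map[string]string{"state": "forbidden", "path": r.URL.Path})
			return
		}
		w.Header().Set("Content-Type", resp.Header.Get("Content-Type"))
		w.WriteHeader(resp.StatusCode)
		io.Copy(w, resp.Body)
	})
}
```

`CanI` is the pre-check for deciding whether to render a nav item or a "no access" placeholder; `ForwardHandler` is the enforcement path, where the 403 mapping is what the frontend handles per resource and per page. Neither function ever falls back to the sidecar's own credentials, which is the property that keeps client-side filtering from becoming a security control.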

Metadata

Labels

triage/needs-information: Indicates an issue needs more information in order to work on it.
