I gave a user read-only permission on pods, but the user is able to delete the pod. What is the issue?

I created a role and rolebinding for a user prasad to view pods and list pods, but the user is able to delete pods; that is the issue.

What’s the actual YAML of the role? Simplest explanation would be the role is not correctly coded.

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: cube2
  name: pod-viewer
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]

I assume that in NS cube2 you have a rolebinding assigned to that role and user “prasad”. What do you see if you do

kubectl -n cube2 auth can-i delete pod --as prasad

You aren’t saying how you tested the deletion of pods; perhaps you were not running the command as user prasad.

I am using this command; the output is “NO”.

Then if you are running the command --as prasad, it will fail. If you are succeeding, most likely you are NOT running as prasad. So how are you doing the delete?

The following command is marked as “experimental”, but it works for me on my local cluster. Try it:

kubectl auth whoami
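
The two checks from this thread can be scripted together. This is an added example, not code from any poster: it impersonates the user with `kubectl auth can-i --as` for a list of pod verbs, then compares `kubectl auth whoami` with the intended user. The `KUBECTL` override, the function names and the probed verb list are assumptions of this example.

```shell
# Added example, not from the thread. KUBECTL is an assumed override hook so the
# logic can be exercised against a stub instead of a live cluster.
KUBECTL="${KUBECTL:-kubectl}"
EXPECTED_VERBS="get list watch"   # what the pod-viewer Role is meant to grant
PROBE_VERBS="get list watch create update patch delete deletecollection"

# can_i NS USER VERB RESOURCE -> prints "yes" or "no" for the impersonated user.
can_i() {
  # can-i exits non-zero on "no"; keep only the first word of the answer.
  "$KUBECTL" -n "$1" auth can-i "$3" "$4" --as "$2" 2>/dev/null | awk 'NR==1 {print $1}'
}

# excess_verbs NS USER RESOURCE -> prints every probed verb that is allowed but
# not expected; returns 1 if any exist (some other binding grants it).
excess_verbs() {
  local ns="$1" user="$2" resource="$3" verb found=0
  for verb in $PROBE_VERBS; do
    [ "$(can_i "$ns" "$user" "$verb" "$resource")" = "yes" ] || continue
    case " $EXPECTED_VERBS " in
      *" $verb "*) ;;                 # granted by the Role, as intended
      *) echo "$verb"; found=1 ;;     # allowed, but not by pod-viewer
    esac
  done
  return "$found"
}

# current_user -> username the API server sees for the active kubeconfig context.
current_user() {
  "$KUBECTL" auth whoami -o jsonpath='{.status.userInfo.username}'
}

# diagnose NS USER RESOURCE -> one-line verdict for the situation in the thread.
diagnose() {
  local extra me
  if ! extra="$(excess_verbs "$1" "$2" "$3")"; then
    echo "RBAC: $2 is granted extra verbs on $3: $(echo $extra)"
    return 1
  fi
  me="$(current_user)"
  if [ "$me" != "$2" ]; then
    echo "IDENTITY: commands run as '$me', not '$2'; the Role is not being tested"
    return 2
  fi
  echo "OK: running as $2 with no $3 verbs beyond: $EXPECTED_VERBS"
}

# Query a real cluster only when arguments are given, e.g.: ./check.sh cube2 prasad pods
if [ "$#" -ge 3 ]; then diagnose "$1" "$2" "$3"; fi
```

An `IDENTITY` verdict corresponds to the case suspected in the thread: `can-i` says no for prasad, yet the delete succeeds because it is issued under a different identity.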