DemandFlow Support Centre

Home Knowledge Base Submit a Ticket

K8SROLE: K8s Role

ReferenceEntity Reference16/04/2026Updated 16/04/2026
A Kubernetes Role or ClusterRole defining a set of permissions (API verbs on resources) that can be bound to users, groups, or service accounts.

K8SROLE: K8s Role

A Kubernetes Role or ClusterRole defining a set of permissions (API verbs on resources) that can be bound to users, groups, or service accounts.

Default definition. This article describes the default K8SROLE definition shipped with DemandFlow. Administrators can add, remove, rename, or re-type fields, change which ones are required, and alter the layout from the Definitions screen in Settings. Your tenant's current schema may differ from what is shown here. To read the current definition at any time, GET the DEFINITION object whose id matches K8SROLE.

Entity properties

PropertyValue
Entity codeK8SROLE
Display nameK8s Role
PluralK8s Roles
Level411

Use cases

K8SROLE covers both namespace-scoped Roles and cluster-scoped ClusterRoles via the roleScope field. When roleScope is Role, the namespace objectLookup is relevant; for ClusterRole it should be hidden via visibility. The rules textarea holds the JSON array of PolicyRule objects.

Fields

Role Information

FieldTypeRequiredNotes
nametextYesName
roleScopeenumYesRole Scope Valid ids: 1 (Role), 2 (ClusterRole).
namespacereference → K8SNAMESPACENamespace
descriptiontext (multi-line)Description

Metadata

FieldTypeRequiredNotes
labelstext (multi-line)JSON key-value pairs
annotationstext (multi-line)JSON key-value pairs

Permission Rules

FieldTypeRequiredNotes
rulestext (multi-line)JSON array of PolicyRule objects: [{apiGroups, resources, verbs, resourceNames}]
apiGroupstextComma-separated API groups (e.g. '', apps, batch)
resourcestextComma-separated resources (e.g. pods, deployments, services)
verbsmultiselectVerbs
resourceNamestextComma-separated specific resource names (optional)

ClusterRole Aggregation

FieldTypeRequiredNotes
aggregationEnabledbooleanAggregation Enabled
aggregationLabelstext (multi-line)JSON label selector for aggregating other ClusterRoles

Relationships

  • Lookups: namespace points at a K8SNAMESPACE record.
  • Related lists: K8SROLEBINDING (format SUB|K8SROLE).

Creating a K8s Role via the API

POST /v1/objects
Authorization: Bearer <your-pat>
Content-Type: application/json

{
  "entity":   "K8SROLE",
  "level":    411,
  "comboKey": "SUB:<your-sub-id>|ENT:",
  "name": "Example",
  "roleScope": "1",
  "namespace": "",
  "description": "Example text."
}

Listing K8s Roles records

# All k8s roles in your tenant
GET /v1/entities/K8SROLE/SUB

See also

k8srolek8srolerolesentity reference

Was this article helpful?

← Back to Knowledge Base
Powered by DemandFlow