Restricted admin #62754

kamantauskasrokas-dot · 2026-01-12T06:41:27Z

kamantauskasrokas-dot
Jan 12, 2026

Hello,
is there any way to make restricted admin role, i want to deny editing some users for certain admins, i am trying something like this, but it doest work

GNU nano 7.2 user-manager.yaml *
kind: role
metadata:
name: user-manager
spec:
allow:
rules:
- resources: ["user"]
verbs: ["list", "create", "read", "update"]

  - resources: ["role"]
    verbs: ["list", "read"]

deny:
rules:
- resources: ["user"]
verbs: ["update", "delete"]
where: 'user.metadata.name == "username"'
version: v7

Answered by stevenGravy

Jan 12, 2026

The where filtering is not available for all resource rules. user is not one of them. You may want to look at using access requests to limit when a user does update and delete so it is confirmed by another user.

View full answer

stevenGravy · 2026-01-12T12:21:45Z

stevenGravy
Jan 12, 2026
Collaborator

The where filtering is not available for all resource rules. user is not one of them. You may want to look at using access requests to limit when a user does update and delete so it is confirmed by another user.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Restricted admin #62754

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Restricted admin #62754

Uh oh!

kamantauskasrokas-dot Jan 12, 2026

Replies: 1 comment

Uh oh!

stevenGravy Jan 12, 2026 Collaborator

kamantauskasrokas-dot
Jan 12, 2026

stevenGravy
Jan 12, 2026
Collaborator