Represents the permissions granted to an identity that can be discovered by an attacker.
|Identity||PermissionSet||Permission Groups Discovery, T1069|
K8s RBAC aggregates sets of API permissions together under
Role (namespaced) and
ClusterRole (cluster-wide) objects. These are then assigned to specific users via a
RoleBinding (namespaced) or
ClusterRoleBinding (cluster-wide) objects. This edge represents this relationship granting one or more permissions to an identity, which can be discovered by an attacker.
A full list of identity → role mappings can be retrieved via:
To discover the permissions of the current identity use:
No exploitation is necessary. This edge simply indicates that an identity grants a specific set of permissions (effectively represents a
ClusterRoleBinding in K8s).