confluent iam rbac role-binding create

Description

Create a role binding.

confluent iam rbac role-binding create [flags]

Note

If you need to troubleshoot when setting up role bindings, it may be helpful to view audit logs on the fly to identify authorization events for specific principals, resources, or operations. For details, refer to Viewing audit logs on the fly.

Flags

    --role string               REQUIRED: Role name of the new role binding.
    --principal string          REQUIRED: Qualified principal name for the role binding.
    --environment string        Environment ID for scope of role-binding operation.
    --current-env               Use current environment ID for scope.
    --cloud-cluster string      Cloud cluster ID for the role binding.
    --kafka-cluster-id string   Kafka cluster ID for the role binding.
    --resource string           Qualified resource name for the role binding.
    --prefix                    Whether the provided resource name is treated as a prefix pattern.
-o, --output string             Specify the output format as "human", "json", or "yaml". (default "human")

Global Flags

-h, --help            Show help for this command.
    --unsafe-trace    Equivalent to -vvvv, but also log HTTP requests and responses which may contain plaintext secrets.
-v, --verbose count   Increase verbosity (-v for warn, -vv for info, -vvv for debug, -vvvv for trace).

Examples

Grant the role “CloudClusterAdmin” to the principal “User:u-123456” in the environment “env-12345” for the cloud cluster “lkc-123456”:

confluent iam rbac role-binding create --principal User:u-123456 --role CloudClusterAdmin --environment env-12345 --cloud-cluster lkc-123456

Grant the role “ResourceOwner” to the principal “User:u-123456”, in the environment “env-12345” for the Kafka cluster “lkc-123456” on the resource “Topic:my-topic”:

confluent iam rbac role-binding create --principal User:u-123456 --role ResourceOwner --resource Topic:my-topic --environment env-12345 --kafka-cluster-id lkc-123456

Grant the role “MetricsViewer” to service account “sa-123456”:

confluent iam rbac role-binding create --principal User:sa-123456 --role MetricsViewer

See Also