The Identity & Access view analyzes every RBAC binding in your cluster to find security risks.

Findings

  • Overprivileged ServiceAccounts — more permissions than needed
  • Cluster-admin bindings — non-system accounts with full access
  • Wildcard permissions — roles with * verbs or resources
  • Unused ServiceAccounts — accounts with no associated pods
  • Cross-namespace access — broad ClusterRoleBindings
  • Secret access — accounts reading secrets outside their namespace
  • Privilege escalation — accounts that can create bindings or impersonate
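
Three of the findings above (cluster-admin bindings, wildcard permissions, privilege escalation) computed from ClusterRoles and ClusterRoleBindings only. This is an added example, not the product's implementation. The `is_system` rule, the finding names, the `cr`/`crb` helpers and the sample objects are assumptions constructed for illustration.

```python
RBAC_GROUP = "rbac.authorization.k8s.io"

def is_system(subject):  # assumption: "system:" name prefix or kube-system namespace
    return subject["name"].startswith("system:") or subject.get("namespace") == "kube-system"

def rule_findings(rule):
    """Findings raised by one PolicyRule, named after the Findings list."""
    groups, resources, verbs = (set(rule.get(k, [])) for k in ("apiGroups", "resources", "verbs"))
    found = set()
    if "*" in verbs or "*" in resources:
        found.add("wildcard-permissions")
    # Creating bindings needs the RBAC API group, a create verb and a binding resource.
    can_bind = (groups & {RBAC_GROUP, "*"} and verbs & {"create", "*"}
                and resources & {"rolebindings", "clusterrolebindings", "*"})
    if can_bind or "impersonate" in verbs:
        found.add("privilege-escalation")
    return found

def audit(items):
    """Map (kind, namespace, name) of each non-system subject to its findings."""
    roles = {i["metadata"]["name"]: i.get("rules") or []
             for i in items if i["kind"] == "ClusterRole"}
    report = {}
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        hits = set().union(*map(rule_findings, roles.get(b["roleRef"]["name"], [])))
        if b["roleRef"]["name"] == "cluster-admin":
            hits.add("cluster-admin-binding")
        for s in b.get("subjects") or []:
            if hits and not is_system(s):
                key = (s["kind"], s.get("namespace", ""), s["name"])
                report.setdefault(key, set()).update(hits)
    return report

def cr(name, **rule):  # sample helper: one-rule ClusterRole
    return {"kind": "ClusterRole", "metadata": {"name": name}, "rules": [rule]}
def crb(binding, role, **subject):  # sample helper: one-subject ClusterRoleBinding
    return {"kind": "ClusterRoleBinding", "metadata": {"name": binding},
            "roleRef": {"kind": "ClusterRole", "name": role}, "subjects": [subject]}

SAMPLE = [  # constructed objects with the rbac.authorization.k8s.io/v1 fields used above
    cr("cluster-admin", apiGroups=["*"], resources=["*"], verbs=["*"]),
    cr("binder", apiGroups=[RBAC_GROUP], resources=["rolebindings"], verbs=["create"]),
    cr("pod-reader", apiGroups=[""], resources=["pods"], verbs=["get", "list"]),
    crb("masters", "cluster-admin", kind="Group", name="system:masters"),
    crb("ci-admin", "cluster-admin", kind="ServiceAccount", name="ci-bot", namespace="ci"),
    crb("ops-binder", "binder", kind="User", name="alice@example.com"),
    crb("readers", "pod-reader", kind="Group", name="devs"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The same `audit` function accepts the `items` array from `kubectl get clusterroles,clusterrolebindings -o json`; namespaced Roles and RoleBindings are outside what this example covers.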

Risk Levels

Level     Examples
Critical  Non-system cluster-admin, wildcard secrets
High      Create/modify RBAC, pod exec across namespaces
Medium    List secrets in own namespace, broad read access
Low       Unused ServiceAccount, default token mounted

Data Collection

The agent collects RBAC data automatically: ClusterRoles, Roles, ClusterRoleBindings, RoleBindings, and ServiceAccounts. No additional configuration is needed.