I cannot see the rolebindings with frontend-default controlplane $ kubectl -n om . . .

Gaurav Karki:
I cannot see the rolebindings with frontend-default
controlplane kubectl -n omni get roles NAME CREATED AT fe 2021-05-01T14:12:00Z frontend 2021-05-01T14:12:00Z controlplane kubectl -n omni describe roles
Name: fe
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs


configmaps [] [] [create delete]
secrets [] [] [create delete]

Name: frontend
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs


secrets [] [] [create]
controlplane $

Fernando Jordan Silva:
It’s the one that doesn’t have any associated role or clusterrole.

Gaurav Karki:
Thanks @Fernando Jordan Silva. My confusion is, there are two SA without rolebindings, default and frontend-default. however the question consider “frontend-default” as correct answer. If no roles are assigned, what’s the default permission does a role has? and why “default” is not the correct answer.

Luis Leon Toribios:
“There are several service accounts created in the omni namespace. Apply the principle of least privilege and use the service account with the minimum privileges (excluding default).”

Gaurav Karki:
@Luis Leon Toribios yes the question does say exclude the system default SA. I was trying to find out what permissions are assigned to defaults and frontend-default SAs.

Luis Leon Toribios:
I read this: “By default, the default service account in a namespace has no permissions other than those of an unauthenticated user.”