Roles

A Role defines a set of permissions to be applied to a user. Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. A Role always sets permissions within a particular namespace; when you create a Role, you have to specify the namespace it belongs in.

Under the Resource Type - Authorization section, you can view the ClusterRoles and Roles resources on your cluster, listed by namespace.

Click on the cluster-autoscaler-aws-cluster-autoscaler role to view more details for that role. The screenshot below shows the cluster-autoscaler-aws-cluster-autoscaler role, created under the namespace kube-system, which is authorized to delete, get, and update configmaps resources.

ClusterRoles are sets of rules that are scoped to a cluster and not a namespace, which makes them different from a Role. ClusterRoles are additive, and you cannot set "deny" rules. You would generally use ClusterRoles to define cluster-wide permissions. Below we can see the list of ClusterRoles on your cluster.

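The namespace scoping and additive behaviour described above, as an added Python sketch that is not part of the original page or of Kubernetes itself. It assumes every role is already bound to one subject (bindings are omitted) and that the ClusterRole applies in all namespaces; the `configmap-viewer` ClusterRole and its verbs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    resources: frozenset
    verbs: frozenset

@dataclass(frozen=True)
class Role:
    name: str
    rules: tuple
    namespace: Optional[str] = None  # None models a ClusterRole (cluster scope)

def effective_verbs(roles, resource, namespace):
    """Union of verbs granted on `resource` in `namespace`; rules only add."""
    verbs = set()
    for role in roles:
        # A Role applies only inside its own namespace; a ClusterRole everywhere.
        if role.namespace is not None and role.namespace != namespace:
            continue
        for rule in role.rules:
            if resource in rule.resources or "*" in rule.resources:
                verbs |= rule.verbs
    return verbs

def is_allowed(roles, verb, resource, namespace):
    """Allowed only if some in-scope rule grants it; no rule can deny."""
    granted = effective_verbs(roles, resource, namespace)
    return verb in granted or "*" in granted

# The Role from the page, plus a constructed ClusterRole (hypothetical name).
ROLES = [
    Role("cluster-autoscaler-aws-cluster-autoscaler",
         (Rule(frozenset({"configmaps"}), frozenset({"delete", "get", "update"})),),
         namespace="kube-system"),
    Role("configmap-viewer",
         (Rule(frozenset({"configmaps"}), frozenset({"get", "list"})),)),
]

if __name__ == "__main__":
    for ns in ("kube-system", "default"):
        print(ns, sorted(effective_verbs(ROLES, "configmaps", ns)))
```

Running the same comparison over your own exported Roles and ClusterRoles shows which verbs a subject ends up with once every grant is combined, which is the figure to review for least privilege.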