OptionalfieldfieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.
This field is alpha-level. To use this field, you must enable the AuthorizeWithSelectors feature gate (disabled by default).
OptionalgroupGroup is the API Group of the Resource. "*" means all.
OptionallabellabelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.
This field is alpha-level. To use this field, you must enable the AuthorizeWithSelectors feature gate (disabled by default).
OptionalnameName is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
OptionalnamespaceNamespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
OptionalresourceResource is one of the existing resource types. "*" means all.
OptionalsubresourceSubresource is one of the existing resource types. "" means none.
OptionalverbVerb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
OptionalversionVersion is the API Version of the Resource. "*" means all.
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface