Package: rbac.options.gloo.solo.io


Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/rbac/rbac.proto


Global RBAC settings

"requireRbac": bool

| Field | Type | Description |
| --- | --- | --- |
| requireRbac | bool | Require RBAC for all virtual hosts. A vhost without an RBAC policy set will fall back to a deny-all policy. |


RBAC settings for Virtual Hosts and Routes

"disable": bool
"policies": map<string, .rbac.options.gloo.solo.io.Policy>

| Field | Type | Description |
| --- | --- | --- |
| disable | bool | Disable RBAC checks on this resource (default false). This is useful to allow access to static resources/login page without RBAC checks. If provided on a route, all route settings override any vhost settings. |
| policies | map<string, .rbac.options.gloo.solo.io.Policy> | Named policies to apply. |


"principals": []rbac.options.gloo.solo.io.Principal
"permissions": .rbac.options.gloo.solo.io.Permissions

| Field | Type | Description |
| --- | --- | --- |
| principals | []rbac.options.gloo.solo.io.Principal | Principals in this policy. |
| permissions | .rbac.options.gloo.solo.io.Permissions | Permissions granted to the principals. |


An RBAC principal - the identity entity (usually a user or a service account).

"jwtPrincipal": .rbac.options.gloo.solo.io.JWTPrincipal

| Field | Type | Description |
| --- | --- | --- |
| jwtPrincipal | .rbac.options.gloo.solo.io.JWTPrincipal | |


A JWT principal. To use this, JWT option MUST be enabled.

"claims": map<string, string>
"provider": string

| Field | Type | Description |
| --- | --- | --- |
| claims | map<string, string> | Set of claims that make up this principal. Commonly, the ‘iss’ and ‘sub’ or ‘email’ claims are used. All claims must be present on the JWT. |
| provider | string | Verify that the JWT came from a specific provider. This usually can be left empty and a provider will be chosen automatically. |


What permissions should be granted. An empty field means allow-all. If more than one field is added, all of them need to match.

"pathPrefix": string
"methods": []string

| Field | Type | Description |
| --- | --- | --- |
| pathPrefix | string | Paths that have this prefix will be allowed. |
| methods | []string | What HTTP methods (GET, POST, …) are allowed. |
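
The following is an added example, not code from Gloo or from this page: a simplified Python model of how the fields above combine into an allow/deny decision (deny-all fallback, route override, `disable`, claim matching, empty permissions). The function names, the sample configuration and the token claims are constructed; exact-string claim comparison, "any matching policy allows" and "a principal with no claims matches nothing" are assumptions of the model.

```python
# Simplified model of the RBAC semantics documented above.
# Not Gloo's implementation; dict keys mirror the proto field names.

def principal_matches(principal, jwt_claims):
    # All listed claims must be present on the JWT.
    # Assumptions: exact string comparison; a principal with no claims matches nothing.
    wanted = principal.get("jwtPrincipal", {}).get("claims", {})
    return bool(wanted) and all(jwt_claims.get(k) == v for k, v in wanted.items())

def permission_matches(perms, method, path):
    # Empty Permissions means allow-all; fields that are set must all match.
    prefix, methods = perms.get("pathPrefix", ""), perms.get("methods", [])
    return (not prefix or path.startswith(prefix)) and (not methods or method in methods)

def authorize(settings, vhost_rbac, route_rbac, jwt_claims, method, path):
    # Route settings, when provided, override the vhost settings entirely.
    rbac = route_rbac if route_rbac is not None else vhost_rbac
    if rbac and rbac.get("disable", False):
        return True  # RBAC checks are skipped on this resource
    policies = (rbac or {}).get("policies", {})
    if not policies:
        # requireRbac turns "no policy set" into deny-all.
        return not settings.get("requireRbac", False)
    # Assumption: any one matching policy allows the request, and a policy
    # matches when any of its principals and its permissions match.
    return any(
        any(principal_matches(p, jwt_claims) for p in pol.get("principals", []))
        and permission_matches(pol.get("permissions", {}), method, path)
        for pol in policies.values()
    )

# Constructed sample configuration and token claims (not from the page).
SETTINGS = {"requireRbac": True}
VHOST = {"policies": {"viewer": {
    "principals": [{"jwtPrincipal": {"claims": {
        "iss": "https://idp.example.com", "email": "dev@example.com"}}}],
    "permissions": {"pathPrefix": "/api/pets", "methods": ["GET"]},
}}}
LOGIN_ROUTE = {"disable": True}  # e.g. a login page served without RBAC checks
DEV = {"iss": "https://idp.example.com", "email": "dev@example.com", "sub": "1234"}

if __name__ == "__main__":
    print(authorize(SETTINGS, VHOST, None, DEV, "GET", "/api/pets/1"))   # allowed
    print(authorize(SETTINGS, VHOST, None, DEV, "POST", "/api/pets"))    # method not granted
    print(authorize(SETTINGS, VHOST, LOGIN_ROUTE, {}, "GET", "/login"))  # RBAC disabled on route
    print(authorize(SETTINGS, None, None, DEV, "GET", "/"))              # deny-all fallback
```

In this model, a policy whose `permissions` is left empty grants its principals every path and method, so scoping with `pathPrefix` and `methods` is what keeps a policy narrow.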