How are permissions assigned to a user in Kubernetes using RBAC?

• A. By editing the etcd store directly
• B. Through the user's membership or group membership assigned by a ClusterRoleBinding
• C. By creating a RoleBinding in a namespace
• D. By specifying a Namespace

Answer: (B)

In RBAC, access is granted by binding a role to a subject. A role defines what actions are allowed on which resources, and a binding connects that role to a subject such as a user, a group, or a service account. If you want permissions across the whole cluster (or want to apply the same permissions to many users via groups), you use a ClusterRole together with a ClusterRoleBinding. The binding can specify the user directly or refer to a group, so membership or group membership becomes the way to grant those privileges. This is why assigning permissions through a ClusterRoleBinding based on the user or their group membership is the correct mechanism. Namespace-scoped access is achieved with a RoleBinding in a specific namespace, but the fundamental mechanism remains binding a role to a subject; editing etcd directly is not how RBAC operates, and a namespace alone does not grant permissions.