Role Based Access Control Three key building blocks Subject Groups Users ServiceAccounts API resources ConfigMap Pod Deployment Node Operations (Verbs) create list watch delete