Skip to main content



Role-based access control (RBAC) is a method of regulating access to your Operator. When debugging, the Operator will automatically apply configured RBAC rules, and use them. This allows you to verify configuration before deployment.

Configuring RBAC rules

RBAC rules are configured by appling RbacRule annotations to classes within the Operator project. They can be applied to any class including Controllers, Finalizers and Webhooks.


using Neon.Operator.Attributes;
using Neon.Operator.Rbac;

namespace ExampleOperator
Example controller
Verbs = RbacVerb.All,
Scope = EntityScope.Cluster)]
Verbs = RbacVerb.List
| RbacVerb.Create,
Scope = EntityScope.Cluster)]
Verbs = RbacVerb.Get
| RbacVerb.Watch
| RbacVerb.Patch,
Scope = EntityScope.Namespaced)]
Verbs = RbacVerb.Get
| RbacVerb.Watch,
Scope = EntityScope.Namespaced)]
public class ExampleController : ResourceControllerBase<V1ExampleEntity>
// your controller implementation

Generating RBAC manifests

The Neon.Operator NuGet package includes analyzers to generate RBAC rules for your Operator. You can disable this analyzer with the NeonOperatorGenerateRbac MSBuild property.

For example: