Not sure if a question or an enhancement request, but I was a bit surprised to see that the rbac-tool lookup output doesn't show the corresponding [Cluster]RoleBindings associating the given ServiceAccount with the outputted [Cluster]Roles. I've looked at rbac-tool lookup --help, but didn't see anything relevant. Is this not possible currently?

My use case is that I already know what [Cluster]Roles the ServiceAccount is associated with, but I don't know from which [Cluster]RoleBindings, if that makes sense.

@lbogdan - the lookup command only lists the [Cluster]Roles associated with the selected ServiceAccounts/Users/Groups.

The visualize command (viz) should give a detailed graph view of the full RBAC object relationships . You should be able to run it against specific namespace to focus on the portion you are interested .

Thanks for the quick reply!

Why I was surprised is because to get the associated [Cluster]Roles you have to first get the [Cluster]RoleBindings (or am I wrong here?), so it should be just a matter of displaying them.

v1.15.0 add support for this functionality