# Rbac Profiles

### Kubernetes RBAC

The [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) or (RBAC) system in Kubernetes is composed of users, roles, and permissions and. It creates objects that allow validated users or groups access to objects and resources within a cluster. RBAC also defines what type of actions are permitted, grounded on the security principle of least privilege based on the user's role and function within the organization.

<figure><img src="/files/AeXHCZauKk0Ov7xlkpj0" alt=""><figcaption></figcaption></figure>

### Cluster RBAC Profiles

Cluster RBAC Profiles are a governance mechanism in PMK to enable operators to easily ensure that all their Kubernetes clusters conform to required RBAC rules. A Cluster RBAC Profile is a collection of Roles, Cluster Roles, Cluster Bindings and Cluster Role Bindings. The RBAC Profile, once created, is stored on the Platform9 SaaS Management Plane, and acts as a form of 'template' for clusters managed by Platform9. RBAC Profiles are created from existing clusters, which can be customized and then deployed to any attached Platform9 cluster. The deployment process will update the target cluster's RBAC policies to ensure it conforms to the profile. Any policies that are outside the profile will be left unchanged.

{% hint style="info" %}
**Info**

Profile deployment is ***non-destructive***. Platform9 does not remove Policies or API access from a cluster.
{% endhint %}

### Drift Analytics

The Profile Engine can compare any managed clusters RBAC configuration to any RBAC Profile, including automatically detecting drift for clusters that have a profile applied. Drift Analytics enable you to quickly identify and resolve any RBAC Policy changes that have been made on a cluster that are not compliant with the profile.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/managed-kubernetes/5.8/rbac-profiles.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.