Daniel Smith

I agree that this would be nice.

Agree w/ Jordan, except that if our own controllers get compressed responses then we don't require wide user adoption to see benefit (but do we do that? why?). But points...

We need the questions from Jordan's comment answered before we can consider this: https://github.com/kubernetes/enhancements/pull/3235#issuecomment-1064046969

I think we can't approve this now, this was @deads2k's ask and I'm not sure this is what he was hoping to get. Since he hasn't already approved, I'll say...

Meant permissions (RBAC verb), sorry, edited.

My vague idea is to add to roles/cluster roles optional allow and deny field lists, so you can give permissions specifically to a given fieldset, or on all fields NOT...

Also I'm really sorry again I didn't find time to read this 3 weeks ago.

> Being able to do PUT and DELETE independently on specific values in the list (as if they were real resources) Nothing in our API works like that. Clients to...

> I would like to see a comparison with another approach, e.g. extending RBAC to limit to specific fields only, before settling on this. BTW, a discussion item is now...

> What are next steps on the scoped-authz doc? SIG Auth road show next week. Then bigger write up of (probably) design 4 as a KEP