.. _envoy_api_file_envoy/config/filter/http/rbac/v2/rbac.proto: RBAC ==== Role-Based Access Control :ref:`configuration overview `. .. _envoy_api_msg_config.filter.http.rbac.v2.RBAC: config.filter.http.rbac.v2.RBAC ------------------------------- `[config.filter.http.rbac.v2.RBAC proto] `_ RBAC filter config. .. code-block:: json { "rules": "{...}", "shadow_rules": "{...}" } .. _envoy_api_field_config.filter.http.rbac.v2.RBAC.rules: rules (:ref:`config.rbac.v2.RBAC `) Specify the RBAC rules to be applied globally. If absent, no enforcing RBAC policy will be applied. .. _envoy_api_field_config.filter.http.rbac.v2.RBAC.shadow_rules: shadow_rules (:ref:`config.rbac.v2.RBAC `) Shadow rules are not enforced by the filter (i.e., returning a 403) but will emit stats and logs and can be used for rule testing. If absent, no shadow RBAC policy will be applied. .. _envoy_api_msg_config.filter.http.rbac.v2.RBACPerRoute: config.filter.http.rbac.v2.RBACPerRoute --------------------------------------- `[config.filter.http.rbac.v2.RBACPerRoute proto] `_ .. code-block:: json { "rbac": "{...}" } .. _envoy_api_field_config.filter.http.rbac.v2.RBACPerRoute.rbac: rbac (:ref:`config.filter.http.rbac.v2.RBAC `) Override the global configuration of the filter with this new config. If absent, the global RBAC policy will be disabled for this route.