Vendor services misconfigurations

GKE using Legacy Authorization (ABAC)

Risk Level

Informational (4)

Compliance Frameworks


Legacy Authorization, also known as Attribute-Based Access Control (ABAC) has been superseded by Role-Based Access Control (RBAC) and is not under active development. RBAC is the recommended way to manage permissions in Kubernetes. It was detected that {GcpGkeCluster} uses ABAC instead of RBAC.
  • Recommended Mitigation

    It is recommended to disable Legacy Authorization on {GcpGkeCluster}. For more info: <a href="," target="_blank" rel="noopener noreferrer">,</a> <a href="" target="_blank" rel="noopener noreferrer"></a>