RBAC changes necessary for Project Owners to manage LimitRanges via kubectl/yaml files?

Is this possible? Currently I have users who are Project Owners who want to be able to use “kubectl apply -f limitrange-foo.yaml” to manage LimitRanges so they can manage/version their changes…

Not the most intuitive thing, I’m not sure if I did this right but it works.

Under Global --> Security --> Roles I created a Project Role called LimitRange admins, with all verbs for the LimitRanges Resource. I inherited all the permissions of Project Owner hoping that would include existing users that I’ve already granted full permissions to the project.

But that wasn’t enough. The last step was to go to the Project --> Members and add each Member again with the new LimitRange admins Role.

Users can now manage LimitRanges via kubectl within their allowed namespace.

Inheriting is the other way, for making a role that includes all the rules of another role so that you don’t have to define them again. If you do that you essentially have “Project Owner + (new stuff you granted)” and would only need to assign users that one role, not Project Owner plus Limit Range Admin separately.