<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Rules on Capsule</title><link>https://projectcapsule.dev/docs/tenants/rules/</link><description>Recent content in Rules on Capsule</description><generator>Hugo -- gohugo.io</generator><language>en</language><atom:link href="https://projectcapsule.dev/docs/tenants/rules/index.xml" rel="self" type="application/rss+xml"/><item><title>Enforcement</title><link>https://projectcapsule.dev/docs/tenants/rules/enforcement/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://projectcapsule.dev/docs/tenants/rules/enforcement/</guid><description>Namespace rules can enforce admission behavior for selected resources in Tenant namespaces. Each enforce block can define an action and one or more matchers.
Rules are evaluated in declaration order. If multiple allow or deny rules match the same request, the last matching allow or deny rule wins. If at least one allow rule is configured for a workload matcher and no allow or deny rule matches the evaluated value, Capsule denies the request.</description></item><item><title>Permissions</title><link>https://projectcapsule.dev/docs/tenants/rules/permissions/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://projectcapsule.dev/docs/tenants/rules/permissions/</guid><description>Declare permission distribution rules for the selected namespaces.
Promotions: As an administrator, you can define promotion rules. A promotion rule selects ServiceAccounts within a Tenant based on specified conditions and assigns them predefined ClusterRoles.
The selected ClusterRoles are then applied across all namespaces belonging to the Tenant, or a selected subset of namespaces, with the corresponding ServiceAccounts configured as subjects. This allows a ServiceAccount in one namespace to automatically receive equivalent permissions in other namespaces of the same Tenant.</description></item></channel></rss>