RBAC model
RBAC principles

- Least privilege by default
- Read-only initial onboarding mode
- Explicit elevation for execution-enabled workflows
- Namespace scoping where practical
- Separate permissions for analysis vs action

Kubernetes-side RBAC

- Document required API groups/resources for read operations
- Additional permissions required for execution workflows
- Optional privileges by module (upgrades, drift remediation, troubleshooting actions)

Kubegrade app RBAC

- Document owner/admin/developer/viewer permissions
- Scope inheritance (org → workspace → project → cluster)
- Approval authority vs execution authority separation
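
One way to check that a role meant for the read-only onboarding mode really grants analysis permissions only, as an added example (not Kubegrade's own code or its actual permission set). The role names, the rules and the `audit_read_only` helper are hypothetical; the dicts mirror a parsed Role/ClusterRole manifest.

```python
# Added example: lint a parsed Kubernetes Role/ClusterRole against a
# read-only (analysis) profile. All role names and rules are constructed.
READ_VERBS = {"get", "list", "watch"}


def audit_read_only(role):
    """Return (rule_index, finding) pairs for rules exceeding read-only access."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        groups = set(rule.get("apiGroups", []))
        extra = verbs - READ_VERBS  # a "*" verb lands here too
        if extra:
            findings.append((i, "non-read verbs: " + ",".join(sorted(extra))))
        if "*" in resources or "*" in groups:
            findings.append((i, "wildcard resources or apiGroups"))
        if "secrets" in resources and verbs & READ_VERBS:
            findings.append((i, "read access to secrets exposes their contents"))
    return findings


# Constructed sample: what an analysis-only role could look like (assumption).
ANALYSIS_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-analysis-readonly"},
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments", "statefulsets"],
         "verbs": ["get", "list", "watch"]},
        {"apiGroups": [""], "resources": ["nodes", "pods"],
         "verbs": ["get", "list", "watch"]},
    ],
}

# Constructed sample: the same role after action permissions crept in.
DRIFTED_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-analysis-drifted"},
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "watch", "patch"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
}

if __name__ == "__main__":
    for role in (ANALYSIS_ROLE, DRIFTED_ROLE):
        print(role["metadata"]["name"], audit_read_only(role) or "OK")
```

Write verbs such as `patch` belong in a separate, explicitly granted execution role, which keeps the analysis vs action split auditable.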