This message was deleted.

There is no "field-level" rbac in k8s and what you're asking cannot be done. Get lets you make the API call to read a specific resource by name. List gives you back you ALL of them, with their entire body as you'd receive from "get". You don't see that shown in the kubectl table output, but that doesn't mean it's not there. Try adding

-o yaml

. So granting list without get is basically a meaningless distinction. You can still get the info you want, but are forcing the client to ask for extra info they don't want and throw away. Get without list has some value because you now need to know the name of the thing you want to get, but you can also just start going through a dictionary and guessing... Anyway, the UI makes list calls because individual gets would just be fantastically inefficient.