cronjobs.batch is forbidden on a kubernetes pod

Question

I am new to kubernetes administration. While trying to list & setup new cronjobs, one of the users is getting the following error:

Error from server (Forbidden): cronjobs.batch is forbidden: User cannot list cronjobs.batch in the namespace

The role while creating this user:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: <user>
  name: <user>-role
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["*"]
  verbs: ["*"]

The role binding while creating this user:

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: <user>-role-binding
  namespace: <user>
subjects:
- kind: User
  name: <user>
  apiGroup: ""
roleRef:
  kind: Role
  name: <user>-role
  apiGroup: ""

What could the issue possibly be?

Answer 1

The Cronjob resource belongs to the batch API group.

In your RBAC role, you have only granted access to the core (empty name), extensions and apps API groups.

To enable your user to access CronJob objects, add the batch API group to your RBAC role:

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: <user>
  name: <user>-role
rules:
- apiGroups: ["", "extensions", "apps", "batch"]
  resources: ["*"]
  verbs: ["*"]