# permissions for end users to edit azurefirewallrules. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: azurefirewallrules-editor-role rules: - apiGroups: - egress.azure-firewall-egress-controller.io resources: - azurefirewallrules verbs: - create - delete - get - list - patch - update - watch - apiGroups: - egress.azure-firewall-egress-controller.io resources: - azurefirewallrules/status verbs: - get