Quiz Report Card: RBAC Verbs

Date: 2026-03-09 | Qwen 3.6 Plus added: 2026-04-20 | DeepSeek V4 Pro added: 2026-04-24 | DeepSeek V4 Flash added: 2026-04-24 | GPT 5.5 added: 2026-04-25 | Kimi K2.6 added: 2026-04-26 | Qwen3.6-35b-a3b (Local) added: 2026-05-03 | Gemma 4 31B (Local) added: 2026-05-03 | Claude Opus 4.8 added: 2026-05-31

Question: What are all of the verbs supported by Kubernetes RBAC system?

Reference Answer

This is essentially a trick question — Kubernetes RBAC allows any verb string to exist. The verb field in RBAC rules is a free-form string, and the authorization system simply checks whether the verb on the incoming request matches what’s in the role. There is no fixed, closed set of “all verbs.”

However, there are well-known sets of verbs defined by Kubernetes by default:

Standard resource verbs:

  • get, list, watch, create, update, patch, delete, deletecollection

Special verbs (valid for certain objects):

  • escalate — allows creating/updating roles with permissions the caller doesn’t have (Roles/ClusterRoles)
  • bind — allows creating bindings to roles (Roles/ClusterRoles)
  • impersonate — allows acting as another user/group/service account

Additional known verbs:

  • use — PodSecurityPolicy (deprecated)
  • approve, sign — CertificateSigningRequests

A good answer should ideally recognise that the verb set is open-ended, then cover the standard and special verbs.
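
The matching behaviour described above, as an added example (not code from this page or from Kubernetes): a simplified model in which each rule field matches on an exact string or `*`, plus a small audit that flags special, wildcard and custom verbs. The sample rules, the `example.test` group, the `widgets` resource and the `frobnicate` verb are constructed, and real RBAC matching also covers resourceNames and non-resource URLs, which are left out here.

```python
# Simplified model of RBAC rule matching; not Kubernetes source code.
STANDARD = {"get", "list", "watch", "create", "update", "patch",
            "delete", "deletecollection"}
SPECIAL = {"escalate", "bind", "impersonate"}
KNOWN_EXTRA = {"use", "approve", "sign"}

# Constructed sample rules in PolicyRule shape. The example.test group,
# the widgets resource and the frobnicate verb are made up.
RULES = [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "update"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"],
     "verbs": ["bind", "escalate"]},
    {"apiGroups": ["example.test"], "resources": ["widgets"],
     "verbs": ["frobnicate"]},
]

def _hit(values, wanted):
    # Each field matches on "*" or on an exact, case-sensitive string.
    return "*" in values or wanted in values

def allowed(verb, resource, api_group="", rules=RULES):
    """True if any rule matches the request's group, resource and verb."""
    return any(_hit(r["apiGroups"], api_group)
               and _hit(r["resources"], resource)
               and _hit(r["verbs"], verb) for r in rules)

def audit(rules=RULES):
    """Return (rule index, verb, note) for verbs worth a reviewer's attention."""
    findings = []
    for i, rule in enumerate(rules):
        for verb in rule["verbs"]:
            if verb == "*":
                findings.append((i, verb, "wildcard"))
            elif verb in SPECIAL:
                findings.append((i, verb, "special"))
            elif verb not in STANDARD | KNOWN_EXTRA:
                findings.append((i, verb, "custom"))
    return findings

if __name__ == "__main__":
    checks = [("update", "pods", ""), ("patch", "pods", ""),
              ("exec", "pods", ""), ("create", "pods/exec", ""),
              ("frobnicate", "widgets", "example.test")]
    for verb, resource, group in checks:
        print(f"{verb:11} {resource:10} -> {allowed(verb, resource, group)}")
    for finding in audit():
        print(finding)
```

The `update`/`patch` and `exec`/`pods/exec` checks mirror two of the errors scored below: a rule granting update does not match a patch request, and exec is reached as create on the pods/exec subresource rather than as a verb.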

Scoring Criteria

  1. Trick question recognition: RBAC allows any verb — there is no fixed “all verbs” list. This is the key insight.
  2. Standard verbs: The 8 standard resource verbs (get, list, watch, create, update, patch, delete, deletecollection)
  3. Special verbs: escalate, bind, impersonate — important for security
  4. Additional verbs: use, approve, sign, and others
  5. Accuracy: No incorrect claims about how verbs work

Results Summary

| Model | Score | Trick Recognised | Standard Verbs | Special Verbs | Additional | Errors |
|---|---|---|---|---|---|---|
| anthropic/claude-opus-4.7 | 8/10 | No | All 8 | All 3 | approve, sign, use | Misleading on custom verbs |
| openai/gpt-5.4 | 9/10 | Yes | All 8 | All 3 | approve, sign, use | None |
| anthropic/claude-sonnet-4.6 | 7/10 | Hinted | All 8 | All 3 | approve, sign, use | None |
| google/gemini-3-flash-preview | 7/10 | No | All 8 | All 3 | use, proxy, approve | execute/attach confusion |
| minimax/minimax-m2.5 | 6/10 | No | All 8 | All 3 + use | None | Missing approve/sign |
| deepseek/deepseek-v3.2 | 6/10 | No | All 8 | All 3 + use, approve, sign | proxy | update/patch claim wrong |
| minimax/minimax-m2.7 | 6/10 | No | Yes (8) | Yes (3) | use, wildcard | Treats as finite list |
| qwen/qwen3.6-plus | 7/10 | Partial | All 8 | All 3 + use | proxy, approve | Incorrect “no custom verbs” claim |
| deepseek/deepseek-v4-pro | 8/10 | No | All 8 | All 3 | use, approve, sign | None |
| deepseek/deepseek-v4-flash | 7/10 | No | All 8 | All 3 | use | Fabricates exec/attach as verbs |
| moonshotai/kimi-k2.6 | 9/10 | Yes | All 8 | All 3 | approve, sign, use | Catches custom verb trick |
| openai/gpt-5.5 | 9/10 | Yes | All 8 | All 3 | approve, sign, use, proxy | None |
| qwen/qwen3.6-35b-a3b (LOCAL) | 6/10 | Yes | Yes | No | Treats verb list as fixed/exhaustive | |
| anthropic/claude-opus-4.8 | 8/10 | No | All 8 | All 3 | approve, sign, use | Misses trick |
| google/gemma-4-31b (LOCAL) | 6/10 | No | All 8 | Partial | Treats verb list as fixed/exhaustive | |

Detailed Analysis

anthropic/claude-opus-4.7 — 8/10

Strengths:

  • All 8 standard verbs: get, list, watch, create, update, patch, delete, deletecollection
  • All 3 special verbs: impersonate, bind, escalate
  • Mentions approve and sign for CSRs — bonus points
  • Mentions wildcard *

Weaknesses:

  • Does not recognise the trick — implies a fixed set of verbs. Notes custom resources “can define additional verbs via subresources” but then says “the verb itself is usually still one of the standard ones” — misleading.
  • Missing the key insight that RBAC verbs are free-form strings and custom verbs ARE supported

Comparison vs Opus 4.6 (7): Improvement. CSR verbs (approve, sign) and all 3 special verbs is better coverage.

Notable: Best verb coverage of any Anthropic model, but still misses the trick that only GPT 5.4 caught. The Anthropic family pattern of treating RBAC verbs as a closed set persists.


openai/gpt-5.4 — 9/10

Strengths:

  • Opens with the key insight: “Kubernetes RBAC doesn’t have a single small fixed list of ‘all verbs’ in the strict API sense” — this is the trick answer the question is testing for
  • All 8 standard resource verbs correctly listed
  • All 3 special verbs (escalate, bind, impersonate) correctly listed with accurate descriptions
  • Additional verbs: approve, sign, use
  • Reinforces the insight at the end: “Kubernetes authorization ultimately checks the verb string on the request, so some APIs/subresources introduce additional specialized verbs”
  • Non-resource URL verbs covered
  • Good structure separating standard from special verbs

Weaknesses:

  • Could have been more explicit about the fact that literally any string can be used as a verb in an RBAC rule
  • Non-resource URL verbs section includes HTTP verbs (put, head, options) that aren’t commonly relevant

Notable: The only model to recognise this as a trick question. Opening with “doesn’t have a single small fixed list” and closing with “checks the verb string on the request” demonstrates genuine understanding of how RBAC authorization works internally.


anthropic/claude-sonnet-4.6 — 7/10

Strengths:

  • All 8 standard resource verbs correctly listed with descriptions
  • All 3 special verbs (escalate, bind, impersonate) correctly listed
  • Additional verbs: use, approve, sign
  • Non-resource URL verbs covered
  • Note at the end hints at extensibility: “Custom resource definitions (CRDs) and aggregated API servers may also define their own custom verbs (e.g., exec, portforward, proxy)”

Weaknesses:

  • Does not explicitly recognise the trick — presents the answer as a finite, enumerable list
  • The CRD note hints at extensibility but doesn’t state the key insight: that any verb string works in RBAC
  • Mentions exec and portforward as “custom verbs” — these are actually subresources accessed via standard verbs (create on pods/exec), not custom verbs

Notable: Comprehensive verb coverage and the CRD note shows awareness that the list isn’t fully closed, but stops short of the key insight. The closest to GPT 5.4’s answer without actually getting there.


google/gemini-3-flash-preview — 7/10

Strengths:

  • All 8 standard resource verbs correctly listed with good descriptions
  • All 3 special verbs (escalate, bind, impersonate) correctly listed
  • Additional verbs: use, proxy, approve
  • Useful practical tip: kubectl api-resources -o wide to see supported verbs per resource
  • Good summary table categorising verbs by function

Weaknesses:

  • Does not recognise the trick — presents a fixed list as the answer
  • Lists “execute” and “attach” as verbs — these are not verbs; they are subresources (pods/exec, pods/attach) accessed via standard verbs like create
  • Missing sign verb for CSRs

Notable negative: The kubectl api-resources -o wide tip is practically useful, but listing “execute” and “attach” as verbs shows a confusion between subresources and verbs.


minimax/minimax-m2.5 — 6/10

Strengths:

  • All 8 standard resource verbs correctly listed with HTTP method mapping
  • Special verbs: bind, escalate, impersonate, use — correctly listed
  • Clean table format with HTTP method correspondence
  • Mentions wildcard *

Weaknesses:

  • Does not recognise the trick — presents a fixed list
  • Missing approve and sign verbs for CSRs
  • Non-resource URL section only mentions get — incomplete
  • No mention of extensibility or custom verbs

Notable: The HTTP method mapping table is useful reference material, but the answer is treated as a closed, enumerable list without any hint that RBAC verbs are open-ended.


deepseek/deepseek-v3.2 — 6/10

Strengths:

  • All 8 standard resource verbs correctly listed
  • Special verbs: impersonate, bind, escalate, use, approve, sign — good coverage
  • Also mentions proxy
  • Mentions wildcard *

Weaknesses:

  • Does not recognise the trick — presents a fixed list
  • Claims “update implicitly include patch in many contexts” — this is incorrect. update and patch are separate, independent operations in Kubernetes. update replaces the entire object; patch modifies specific fields. Having one does not grant the other.
  • Presents the list as closed and finite

Notable negative: The update/patch conflation is a factual error. These are distinct API operations with different HTTP methods (PUT vs PATCH) and different RBAC permissions. A role granting update does not grant patch.


minimax/minimax-m2.7 — 6/10

Strengths:

  • Lists all 8 standard resource verbs
  • Includes bind/escalate/impersonate
  • Includes “use” for PSP
  • HTTP method mapping table
  • Wildcard mention

Weaknesses:

  • Completely misses the trick — presents the answer as a finite, enumerable list without recognizing that verbs are free-form strings
  • Doesn’t mention custom verbs via CRDs
  • Missing approve and sign for CSRs

Notable: Same score as MiniMax M2.5 (6/10). Neither MiniMax model recognized the open-ended nature of RBAC verbs. Only GPT 5.4 (9/10) got this right.


qwen/qwen3.6-plus — 7/10

Strengths:

  • All 8 standard resource verbs correctly listed
  • All 3 special verbs (bind, escalate, impersonate) correctly listed with accurate descriptions
  • Additional verbs: proxy and use (PSP, noted as deprecated)
  • Non-resource URL verbs covered (HTTP methods)
  • Mentions CRDs can define custom verbs
  • Wildcard * covered with note that it matches all verbs including special ones

Weaknesses:

  • Contradictory claims about custom verbs: States “The Kubernetes RBAC system doesn’t define its own arbitrary verbs” in the opening, but then correctly notes CRDs can define custom verbs. The opening statement is misleading — RBAC explicitly allows any verb string.
  • Claims “The API server rejects unknown verbs unless they’re explicitly registered” — this is incorrect. RBAC is a string-matching system; any verb string works in a Role definition.
  • Does not fully recognise the trick — while acknowledging CRD custom verbs, doesn’t identify that RBAC verbs are fundamentally open-ended free-form strings
  • proxy listed as a verb — this is not a standard RBAC verb; proxy access is through subresources like nodes/proxy

Notable: Better verb coverage than most models (includes proxy, use, all special verbs), and the CRD custom verbs mention hints at extensibility. But the incorrect claim about API server rejecting unknown verbs undermines the response, as it directly contradicts the key insight that RBAC verbs are free-form strings.


deepseek/deepseek-v4-pro — 8/10

Strengths:

  • Comprehensive list with good organization
  • All 8 standard verbs: get, list, watch, create, update, patch, delete, deletecollection
  • All 3 special verbs: bind, escalate, impersonate
  • Additional verbs: use, approve, sign
  • Wildcard * covered

Weaknesses:

  • Does not recognise the trick that any verb string can exist in RBAC — presents as a finite list
  • Missing the key insight that RBAC verbs are free-form strings

Notable: Strong verb coverage matching Opus 4.7 at 8/10. A significant improvement over DeepSeek V3.2 (6/10, which had the incorrect update/patch conflation). However, like most models, still misses the open-ended nature of RBAC verbs that only GPT 5.4 caught.


deepseek/deepseek-v4-flash — 7/10

Strengths:

  • Covers all 8 standard resource verbs: get, list, watch, create, update, patch, delete, deletecollection
  • All 3 special verbs correctly identified: bind, escalate, impersonate
  • Mentions use for PodSecurityPolicy

Weaknesses:

  • Does not recognise the trick — presents verbs as a finite, closed list without acknowledging that RBAC allows any verb string
  • Fabricates exec and attach as verbs — these are subresources (pods/exec, pods/attach) accessed via standard verbs like create, not verbs themselves. This is the same error Gemini 3 Flash made.
  • Missing approve and sign verbs for CertificateSigningRequests
  • Misses arbitrary custom verbs

Notable: Scores between V4 Pro (8/10) and V3.2 (6/10). The exec/attach fabrication is a concerning error that shows confusion between subresources and verbs — the same mistake Gemini 3 Flash made. Like most models, does not recognise the open-ended nature of RBAC verbs.


openai/gpt-5.5 — 9/10

Strengths:

  • Explicitly recognises the trick: Opens with “Kubernetes RBAC does not have a single hard-coded enum of verbs; a PolicyRule.verbs entry is a string” — this is the key insight the question tests for
  • All 8 standard resource verbs correctly listed: get, list, watch, create, update, patch, delete, deletecollection
  • All 3 special verbs: bind, escalate, impersonate with accurate descriptions
  • Comprehensive additional verbs: approve, sign, use (with PSP deprecation note), proxy (correctly noted as legacy)
  • Non-resource URL HTTP methods covered
  • Wildcard * covered with appropriate caution note
  • Good structure separating standard, special, and non-resource URL verbs

Weaknesses:

  • Lists proxy as a verb — correctly notes it is legacy and modern proxy access uses standard verbs on subresources, but including it in the final summary list could be slightly misleading
  • Could have been more explicit that literally any arbitrary string works as a verb in RBAC rules

Notable: Previously only GPT 5.4 caught the trick question. GPT 5.5 matches GPT 5.4’s score (9/10) with an even more comprehensive verb list — adding approve, sign, use, and proxy that GPT 5.4 also covered, plus the explicit “not a single hard-coded enum” opening. The OpenAI family is the only model family where both entries recognise the open-ended nature of RBAC verbs.


moonshotai/kimi-k2.6 — 9/10

Strengths:

  • Recognises the trick question — identifies that RBAC verbs are not a closed set, making it the first non-OpenAI model to catch this
  • All 8 standard resource verbs correctly listed: get, list, watch, create, update, patch, delete, deletecollection
  • All 3 special verbs correctly listed: bind, escalate, impersonate
  • Additional verbs: approve, sign, use
  • Complete and well-structured response

Weaknesses:

  • None significant

Notable: The first non-OpenAI model to recognise the custom verb trick. Previously only GPT 5.4 and GPT 5.5 caught that RBAC verbs are free-form strings. Kimi K2.6 joins them at 9/10, breaking the OpenAI monopoly on this question’s top score.


qwen/qwen3.6-35b-a3b (LOCAL) — 6/10

Strengths:

  • Lists all 8 standard verbs correctly: get, list, watch, create, update, patch, delete, deletecollection
  • Includes special verbs: impersonate, escalate, bind
  • No factual errors in the verbs listed

Weaknesses:

  • Does not recognise the trick — treats the verb list as fixed and exhaustive. Kubernetes RBAC allows any arbitrary verb string, and the verb field is a free-form string checked at authorization time.
  • Missing approve and sign verbs for CertificateSigningRequests
  • No mention of extensibility or custom verbs via CRDs

Notable: Matches MiniMax M2.5, MiniMax M2.7, and DeepSeek V3.2 at 6/10. The pattern of treating RBAC verbs as a closed set is shared by the majority of models — only GPT 5.4, GPT 5.5, and Kimi K2.6 recognised the open-ended nature of RBAC verbs.


google/gemma-4-31b (LOCAL) — 6/10

Strengths:

  • Lists all 8 standard verbs correctly: get, list, watch, create, update, patch, delete, deletecollection
  • Includes some special verbs (escalate, bind, impersonate)
  • No factual errors in the verbs listed

Weaknesses:

  • Does not recognise the trick — treats the verb list as fixed and exhaustive. Kubernetes RBAC allows any arbitrary verb string, and the question “what are ALL of the verbs” has no finite answer.
  • Missing approve and sign verbs for CertificateSigningRequests
  • No mention of extensibility or custom verbs via CRDs

Notable: Matches Qwen-35b, MiniMax M2.5, MiniMax M2.7, and DeepSeek V3.2 at 6/10 with the same pattern: correct standard verbs, correct special verbs, but misses the trick that the verb set is open-ended. Only GPT 5.4, GPT 5.5, and Kimi K2.6 have recognised the open-ended nature of RBAC verbs.


anthropic/claude-opus-4.8 — 8/10

Strengths:

  • All 8 standard resource verbs: get, list, watch, create, update, patch, delete, deletecollection
  • All 3 special verbs: bind, escalate, impersonate
  • Additional verbs: approve, sign, use
  • Good coverage of security implications of special verbs

Weaknesses:

  • Does not recognise the trick — presents verbs as a finite list without acknowledging that RBAC allows any arbitrary verb string. The key insight that verbs are free-form strings is missing.

Comparison vs Opus 4.7 (8): Same score. Both have comprehensive verb coverage but miss the trick. The Anthropic family pattern of treating RBAC verbs as a closed set persists across all four models.

Notable: Matches Opus 4.7 and DeepSeek V4 Pro at 8/10. Strong verb coverage but the trick question remains an Anthropic blindspot — only GPT 5.4, GPT 5.5, and Kimi K2.6 have recognised that RBAC verbs are open-ended.


Key Findings

  1. This is a trick question and only the OpenAI models recognised it: The question asks “what are ALL of the verbs” — but RBAC verbs are an open set. Any string can be used as a verb. GPT 5.4 and GPT 5.5 both opened with this insight, earning the highest scores.

  2. All models know the standard 8 verbs: get, list, watch, create, update, patch, delete, deletecollection are universally known. No model missed any of these.

  3. Special verbs (escalate, bind, impersonate) are well-known: All five models identified these. These are important for security (preventing privilege escalation via RBAC) and all models covered them.

  4. The open-ended nature of RBAC verbs is poorly understood: Most models presented their answer as a finite, closed list. Only the OpenAI models (GPT 5.4 and GPT 5.5) recognised that verbs are just strings checked at authorization time.

  5. DeepSeek V3.2’s update/patch claim is the most significant factual error: Claiming update includes patch is wrong and could lead to misconfigured RBAC rules with security implications.


Dearbhadh — LLM Kubernetes Security Assessment Tool