RBAC on MLRun / Nuclio · live

Who's allowed to do what, where?

Migrating off a commercial MLOps platform means rebuilding its access control. This is that layer, live: give a subject a role on a project, request an action on a resource, and the Policy Decision Point allows or denies — deny-by-default, project-scoped. Same policy.json + logic as the tested rbac-mlrun-demo.