Role-based access control (RBAC) is an unavoidable part of the Kubernetes developer experience. Whether it is engineers managing cluster resources via kubectl or internal service accounts interacting with the Kubernetes API directly, development teams will need to understand how to build and distribute effective, least permissive RBAC policies. This session will first go back in time to help attendees understand exactly how RBAC works under the hood and explore some lesser-known RBAC gotchas. We will then cover the essential pillars of designing an effective RBAC strategy for the enterprise including automation and observability opportunities. After this session, attendees can expect to have a better understanding on how to build and monitor least privilege RBAC configurations within Kubernetes.