# Managed Service Accounts (RBAC)

When a DuploCloud Tenant is created with Kubernetes access, DuploCloud creates three service accounts that are mapped to the Tenant's unique namespace.

## Account types

* `default -` The `default` account serves as a template for creating other accounts. This account cannot be altered by the end user. There are no role bindings for the `default` service account.
* `duploservices--readonly-user` - This service account is assigned to the `duploservices-<tenant>-readonly-role` role binding. It provides read-only access to resources in the Tenant
* `duploservices--edit-user` - This service account is assigned to the `duploservices-<tenant>-edit-role` role binding. It provides edit access to resources in the Tenant. This is the service account that is assigned to a new Pod, unless you explicitly override it

Service accounts can be applied to Pods using the DuploCloud Service's **Other Pod Configuration** field when you Add a [Service](/docs/automation-platform/container-orchestrators/concepts.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.duplocloud.com/docs/automation-platform/kubernetes-overview/managed-service-accounts-rbac.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.