While Cloud IAM is a good first level of security for Kubernetes Engine, many scenarios requires a higher degree of granularity. For example, let's say your app, running on Kubernetes Engine, is being developed by one team, tested by another, and handled in production by yet another. It'd really be best to keep the permissions for all these different teams separate. With Role-Based Access Control, you can do exactly that. In this lesson, you'll see concrete examples of how different namespaces can be secured as well as how cluster-wide permissions are granted.