# Permissions

{% hint style="info" %}
This configuration is based on the concept of GitOps, so you first need to ensure your git account is connected to your Organization. For more information, refer to the [Connecting your Organization to git](https://docs.pipekit.io/pipekit/creating-orgs#connecting-your-organization-to-git) documentation.
{% endhint %}

## Configuration file

You will need to create a configuration file to define the namespace permissions you require for your Organization. The configuration file should be stored in a git repository that is connected to your Organization.

Configuration file is a yaml file that defines namespace permission configuration. It has the following fields:

* `username` field is username/email
* `clusterName` field is name of the cluster from organization
* `namespace` field is name of the Kubernetes namespace that user can access. Wildcard operator (\*) is allowed on namespace level.

### Configuration file example

```yaml
version: v1alpha1
users:
  - username: test-user
    config:
      - clusterName: local-cluster
        namespaces:
          - default
          - dev
      - clusterName: local-cluster-2
        namespaces:
          - '*'
  - username: test-user-2
    config:
      - clusterName: local-cluster
        namespaces:
          - default
```

## Applying the configuration file

Once your configuration file is available in git, go to the [Org tab in Pipekit](https://pipekit.io/organization) and select the `Permissions` tab.

From here, you can select the repo, branch and specify configuration file location.

Submitting the configuration file will trigger Pipekit to apply the defined permissions and after that moment, only the users that are specified in the configuration file will be able to access namespaces that are specified.

From this point, updating the file in your git repository will trigger Pipekit to update the permissions accordingly.