diff --git a/cloud/data_source_rolebinding.go b/cloud/data_source_rolebinding.go
index 1c9e1d8..9452b67 100644
--- a/cloud/data_source_rolebinding.go
+++ b/cloud/data_source_rolebinding.go
@@ -57,14 +57,19 @@ func dataSourceRoleBinding() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
-			"cel": {
-				Type:        schema.TypeString,
+			"user_names": {
+				Type:        schema.TypeList,
 				Computed:    true,
-				Description: descriptions["rolebinding_cel"],
+				Description: descriptions["rolebinding_user_names"],
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 			},
+			"cel": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: descriptions["rolebinding_cel"],
+			},
 		},
 	}
 }
@@ -98,9 +103,12 @@ func DataSourceRoleBindingRead(ctx context.Context, d *schema.ResourceData, meta
 	}
 
 	var serviceAccountNames []string
+	var userNames []string
 	for _, subject := range roleBinding.Spec.Subjects {
 		if subject.Kind == "ServiceAccount" {
 			serviceAccountNames = append(serviceAccountNames, subject.Name)
+		} else if subject.Kind == "User" {
+			userNames = append(userNames, subject.Name)
 		}
 	}
 	if serviceAccountNames != nil {
@@ -108,6 +116,11 @@ func DataSourceRoleBindingRead(ctx context.Context, d *schema.ResourceData, meta
 			return diag.FromErr(fmt.Errorf("ERROR_SET_SERVICE_ACCOUNT_NAMES: %w", err))
 		}
 	}
+	if userNames != nil {
+		if err = d.Set("user_names", userNames); err != nil {
+			return diag.FromErr(fmt.Errorf("ERROR_SET_USER_NAMES: %w", err))
+		}
+	}
 
 	if roleBinding.Spec.CEL != nil {
 		if err = d.Set("cel", roleBinding.Spec.CEL); err != nil {
diff --git a/cloud/provider.go b/cloud/provider.go
index a3b6f79..4e896f9 100644
--- a/cloud/provider.go
+++ b/cloud/provider.go
@@ -173,6 +173,7 @@ func init() {
 		"rolebinding_service_account_names": "The list of service accounts that are role binding names ",
 		"dns":                               "The DNS ID and name. Must specify together",
 		"rolebinding_cel":                   "The CEL(Common Expression Langauge) for conditional role binding",
+		"rolebinding_user_names":            "The list of users that are role binding names ",
 	}
 }
 
diff --git a/cloud/resource_rolebinding.go b/cloud/resource_rolebinding.go
index 0cdd2b2..c3a40dd 100644
--- a/cloud/resource_rolebinding.go
+++ b/cloud/resource_rolebinding.go
@@ -83,14 +83,19 @@ func resourceRoleBinding() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
-			"cel": {
-				Type:        schema.TypeString,
+			"user_names": {
+				Type:        schema.TypeList,
 				Optional:    true,
-				Description: descriptions["rolebinding_cel"],
+				Description: descriptions["rolebinding_user_names"],
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
 			},
+			"cel": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: descriptions["rolebinding_cel"],
+			},
 		},
 	}
 }
@@ -101,6 +106,7 @@ func resourceRoleBindingCreate(ctx context.Context, d *schema.ResourceData, m in
 
 	predefinedRoleName := d.Get("cluster_role_name").(string)
 	serviceAccountNames := d.Get("service_account_names").([]interface{})
+	userNames := d.Get("user_names").([]interface{})
 	cel := d.Get("cel").(string)
 
 	clientSet, err := getClientSet(getFactoryFromMeta(m))
@@ -137,6 +143,17 @@ func resourceRoleBindingCreate(ctx context.Context, d *schema.ResourceData, m in
 			})
 		}
 	}
+
+	if userNames != nil {
+		for _, userName := range userNames {
+			rb.Spec.Subjects = append(rb.Spec.Subjects, v1alpha1.Subject{
+				APIGroup: "cloud.streamnative.io",
+				Name:     userName.(string),
+				Kind:     "User",
+			})
+		}
+	}
+
 	if cel != "" {
 		rb.Spec.CEL = pointer.String(cel)
 	}