Static mock demo. This page uses a small bundled sample dataset. It does not connect to a cluster, run oc, or read local credentials.

SCC privileged privileged

Configuration

priority	10
allowPrivilegedContainer	True
allowPrivilegeEscalation	True
allowHostNetwork	True
allowHostPID	True
allowHostIPC	True
readOnlyRootFilesystem
runAsUser.type	RunAsAny

Granted to

Users (2)

system:admin
system:serviceaccount:legacy-pipelines:runner absent SA

Groups (1)

platform-admins

Resurrectable ServiceAccount grants (1)

These entries in scc.users address a ServiceAccount that no longer exists. SCC admission matches by name string, so recreating the SA reactivates this SCC's posture for any pod the SA admits. Because this SCC allows privileged containers, the surviving grant is critical.

Principal	Created	Namespace	State
system:serviceaccount:legacy-pipelines:runner	1y	legacy-pipelines	namespace deleted recreating ns + SA reactivates

Pods admitted under this SCC (1)

Expandable summaries below show namespaces, images, and every pod admitted with this SCC. Click a summary row to open the table.

By namespace (1)

Namespace	Pods
mine-platform	1

By image (1)

Image	Registry	Containers
registry.redhat.io/rhel8/support-tools:latest	registry.redhat.io	1

All admitted pods (1)

ServiceAccount	Pod	Namespace	Phase	Owner	Created
builder	privileged-debug	mine-platform	Running		1y

Subjects that can use this SCC (3 of 9)

Direct SCC grants and RBAC use grants. Ghost ServiceAccounts here are potential admissions: recreating the same SA name reactivates the SCC grant.

All kinds 9 Users 3 Groups 3 ServiceAccounts 3

Subject	Created	State	Granted via	Scope / note
User alice	1y	user present	ClusterRoleBinding/platform-admins-cluster-admin (via platform-admins) (RBAC use grant) role cluster-admin	can use this SCC now if authenticated
User alice	1y	user present	scc.groups/platform-admins (SCC group list)	can use this SCC now if authenticated
User system:admin baseline	1y	virtual/system user	scc.users (SCC user list)	platform identity