ServiceAccount builder in mine-platform
Pods (3)
| Pod | Phase | SCC | Owner |
|---|---|---|---|
| api-1 | Running | anyuid | ReplicaSet/api |
| api-2 | Running | anyuid | ReplicaSet/api |
| privileged-debug | Running | privileged priv |
Jobs running as this ServiceAccount (0)
None.
CronJobs running as this ServiceAccount (0)
None.
Bindings referencing this ServiceAccount
Every binding whose subject list names this SA — split by scope.
RoleBindings in mine-platform (1)
| Binding | Role | Created |
|---|---|---|
| RoleBinding/mine-builder-use-anyuid | system:openshift:scc:anyuid | 1y |
RoleBindings in other namespaces (0)
None.
ClusterRoleBindings (0)
None.
Images run by this ServiceAccount (3)
Distinct images across the SA's pods.
| Image | Registry | Containers |
|---|---|---|
| docker.io/library/nginx:1.25 | docker.io | 2 |
| …openshift-image-registry.svc:5000/mine-platform/api:latest | image-registry.openshift-image-registry.svc:5000 | 1 |
| registry.redhat.io/rhel8/support-tools:latest | registry.redhat.io | 1 |
Direct SCC eligibility (2)
SCCs this ServiceAccount can use because its principal is listed directly in scc.users, or because scc.groups includes a group the principal belongs to (system:authenticated, system:serviceaccounts, or system:serviceaccounts:mine-platform). This is not the full effective SCC set — RBAC use grants on securitycontextconstraints objects also admit pods, and those are listed on each SCC's detail page under Potential subjects.
| SCC | Priority | Granted via | Privileged |
|---|---|---|---|
| anyuid | 10 | user system:serviceaccount:mine-platform:builder | no |
| restricted-v2 | — | group system:authenticated | no |
Reach
Where this subject's permissions land. Cluster-wide grants reach every namespace; namespace-scoped grants are listed individually.
Per-namespace (1 namespace)
| Namespace | Role | Via | Binding |
|---|---|---|---|
| mine-platform | system:openshift:scc:anyuid | direct | RoleBinding/mine-builder-use-anyuid |
Effective permissions (1 path)
Each path is one (role, scope, group-membership) combination. Click Show rules to see the underlying API rules.
Namespace: mine-platform
ServiceAccount
builder
bound by
RoleBinding
mine-builder-use-anyuid
grants
ClusterRole
system:openshift:scc:anyuid
Verbs:
use
Resources:
securitycontextconstraints
API groups:
security.openshift.io
| API group | Resources | Verbs |
|---|---|---|
| security.openshift.io | securitycontextconstraints | use |