ServiceAccount default in mine-platform
Pods (0)
No pods running as this ServiceAccount.
Jobs running as this ServiceAccount (0)
None.
CronJobs running as this ServiceAccount (0)
None.
Bindings referencing this ServiceAccount
Every binding whose subject list names this SA — split by scope.
RoleBindings in mine-platform (0)
None.
RoleBindings in other namespaces (1)
| Namespace | Binding | Role |
|---|---|---|
| shared-images | RoleBinding/mine-pulls-shared | system:image-puller |
ClusterRoleBindings (0)
None.
Direct SCC eligibility (2)
SCCs this ServiceAccount can use because its principal is listed directly in scc.users, or because scc.groups includes a group the principal belongs to (system:authenticated, system:serviceaccounts, or system:serviceaccounts:mine-platform). This is not the full effective SCC set — RBAC use grants on securitycontextconstraints objects also admit pods, and those are listed on each SCC's detail page under Potential subjects.
| SCC | Priority | Granted via | Privileged |
|---|---|---|---|
| anyuid | 10 | group system:serviceaccounts:mine-platform | no |
| restricted-v2 | — | group system:authenticated | no |
Reach
Where this subject's permissions land. Cluster-wide grants reach every namespace; namespace-scoped grants are listed individually.
Per-namespace (1 namespace)
| Namespace | Role | Via | Binding |
|---|---|---|---|
| shared-images | system:image-puller | direct | RoleBinding/mine-pulls-shared |
Effective permissions (1 path)
Each path is one (role, scope, group-membership) combination. Click Show rules to see the underlying API rules.
Namespace: shared-images
ServiceAccount
default
bound by
RoleBinding
mine-pulls-shared
grants
ClusterRole
system:image-puller
Verbs:
get
Resources:
imagestreams/layers
API groups:
image.openshift.io
| API group | Resources | Verbs |
|---|---|---|
| image.openshift.io | imagestreams/layers | get |