ServiceAccount default in openshift-authentication ghost
Pods (1)
| Pod | Phase | SCC | Owner |
|---|---|---|---|
| oauth-server | Running | restricted-v2 |
Jobs running as this ServiceAccount (0)
None.
CronJobs running as this ServiceAccount (0)
None.
Bindings referencing this ServiceAccount
Every binding whose subject list names this SA — split by scope.
RoleBindings in openshift-authentication (0)
None.
RoleBindings in other namespaces (0)
None.
ClusterRoleBindings (0)
None.
Images run by this ServiceAccount (1)
Distinct images across the SA's pods.
| Image | Registry | Containers |
|---|---|---|
| quay.io/openshift-release-dev/ocp-release@sha256:fake | quay.io | 1 |
Direct SCC eligibility (1)
SCCs this ServiceAccount can use because its principal is listed directly in scc.users, or because scc.groups includes a group the principal belongs to (system:authenticated, system:serviceaccounts, or system:serviceaccounts:openshift-authentication). This is not the full effective SCC set — RBAC use grants on securitycontextconstraints objects also admit pods, and those are listed on each SCC's detail page under Potential subjects.
| SCC | Priority | Granted via | Privileged |
|---|---|---|---|
| restricted-v2 | — | group system:authenticated | no |
Reach
Where this subject's permissions land. Cluster-wide grants reach every namespace; namespace-scoped grants are listed individually.
This subject has no bindings (direct or via group membership).
Effective permissions (0 paths)
No paths.