Lineage
read-only · v1.0
static mock demo — no cluster connection, no oc, no credentials
Static mock demo. This page uses a small bundled sample dataset. It does not connect to a cluster, run oc, or read local credentials.
Privileged ClusterRoles Roles Role grants Cross-namespace Who can Aggregated

Who can

Reverse RBAC lookup from Lineage's cached read-only inventory. This does not shell out to oc adm policy who-can; Lineage expands real Groups into member users and flags ghosts, baseline, and unclassified rows.

Results: use on securitycontextconstraints named privileged

Yours 4 Unclassified 0 Baseline 1 All 5
· All subjects 4 Users 1 Groups 1 SAs 2
· All paths 4 Direct 3 Via group 1 Ghosts 2

4 rows shown (5 total)

SubjectPathBindingScope
Group platform-admins direct ClusterRoleBinding/platform-admins-cluster-admin cluster-wide
User alice via Group platform-admins ClusterRoleBinding/platform-admins-cluster-admin cluster-wide
ServiceAccount pipeline (ci) ghost direct ClusterRoleBinding/ci-pipeline-clusteradmin cluster-wide
ServiceAccount runner (legacy-pipelines) ghost direct ClusterRoleBinding/legacy-runner-admin cluster-wide