Security context constraints

Administrators can use security context constraints to control permissions for pods on their Red Hat OpenShift cluster. These permissions include actions that a pod can perform and what resources it can access. For more information, see Red Hat - Managing Security Context Constraints.


Security context constraint (SCC) types

Default OpenShift security context constraints

Red Hat® OpenShift® clusters contain eight default security context constraints (SCCs). For more information, see Red Hat OpenShift SCCs.

Customize SCC

Operators can install their own SCC resources to be used by their components. It is recommended that you follow these best practices when you customize SCCs:

Security context constraint usage

IBM Cloud Pak foundational services

Table 1. SCC usage for IBM Cloud Pak foundational services
| Component | Security Context Constraint | Usage Justification |
|---|---|---|
| IM | restricted | |
| cert-manager | restricted | |
| mongodb | restricted | |
| common-web-ui | restricted | |
| events | restricted | |
| installer | restricted | |
| licensing | restricted | |
| must-gather | restricted | |
| user-data-services | anyuid | To run the container with a specific user ID. |
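
To check a running cluster against Table 1, compare the SCC that admitted each pod (recorded by OpenShift in the `openshift.io/scc` pod annotation) with the documented value. The following is an added example, not part of the original documentation or of IBM's tooling; the pod names, the `component` label used to map pods to components, and the sample pod list are assumptions constructed for illustration.

```python
import json

# Expected SCC per component, taken from Table 1 above.
EXPECTED_SCC = {
    "IM": "restricted",
    "cert-manager": "restricted",
    "mongodb": "restricted",
    "common-web-ui": "restricted",
    "events": "restricted",
    "installer": "restricted",
    "licensing": "restricted",
    "must-gather": "restricted",
    "user-data-services": "anyuid",
}

# Constructed sample in the shape of `oc get pods -o json` output; pod names
# and the "component" label are assumptions made for this example.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"name": "licensing-0", "labels": {"component": "licensing"},
                  "annotations": {"openshift.io/scc": "restricted"}}},
    {"metadata": {"name": "uds-0", "labels": {"component": "user-data-services"},
                  "annotations": {"openshift.io/scc": "anyuid"}}},
    {"metadata": {"name": "mongodb-0", "labels": {"component": "mongodb"},
                  "annotations": {"openshift.io/scc": "anyuid"}}},
    {"metadata": {"name": "events-0", "labels": {"component": "events"},
                  "annotations": {}}},
]})


def audit_scc(pod_list_json, expected=EXPECTED_SCC, label="component"):
    """Return (pod, component, expected SCC, admitted SCC) for every mismatch."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        component = (meta.get("labels") or {}).get(label)
        if component not in expected:
            continue  # not one of the components listed in Table 1
        # OpenShift records the SCC that admitted the pod in this annotation.
        admitted = (meta.get("annotations") or {}).get("openshift.io/scc")
        if admitted != expected[component]:
            findings.append((meta.get("name"), component, expected[component], admitted))
    return findings


if __name__ == "__main__":
    for name, component, want, got in audit_scc(SAMPLE_PODS):
        print(f"{name}: {component} expected SCC {want!r}, admitted under {got!r}")
```

A pod with no `openshift.io/scc` annotation is reported with an admitted value of `None`, so it is reviewed rather than silently passed.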