Bug 1566348

Summary: ocp 3.7 works with oc client 3.6 while running oc --loglevel=10 adm policy add-scc-to-user nfs-scc -z default -n testingcert but oc server 3.7 does not work with oc client 3.7 for same command
Product: OpenShift Container Platform Reporter: Miheer Salunke <misalunk>
Component: ocAssignee: David Eads <deads>
Status: CLOSED NOTABUG QA Contact: Xingxing Xia <xxia>
Severity: high Docs Contact:
Priority: high    
Version: 3.6.0CC: aos-bugs, deads, ffranz, jliggitt, jokerman, misalunk, mmccomas, rbost
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-18 12:03:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Comment 3 David Eads 2018-04-12 12:22:24 UTC
Looks like a clusterrole needs groupification.

You need to update `namespace-admin` to include "security.openshift.io" and "" as groups for the "securitycontextconstraints" resource

Comment 4 David Eads 2018-04-13 12:10:10 UTC
Does updating that role fix the problem?

Comment 5 Robert Bost 2018-04-17 13:53:08 UTC
Yes, updating the role resolved the issue for the customer.