Document URL: https://docs.openshift.com/enterprise/3.1/install_config/upgrades.html#updating-policy-definitions Section Number and Name: Updating Policy Definitions Describe the issue: If you don't upgrade the cluster-role-bindings, there are some commands that will fail (oc logs, oc rsh) Suggestions for improvement: Add how to reconcile cluster-role-bindings and sccs if needed Additional information:
For reference, this is the command ansible runs when upgrading. It updates role bindings, only adding permissions, and not adding any permissions to all users (authenticated or unauthenticated) by default: oadm policy reconcile-cluster-role-bindings \ --exclude-groups=system:authenticated \ --exclude-groups=system:unauthenticated \ --exclude-users=system:anonymous \ --additive-only=true \ --confirm
This is being handled in https://github.com/openshift/openshift-docs/pull/1251.
There is oadm policy reconcile-cluster-role-bindings in openshift-docs. so move to Verified