Let's start this RFE with the sample use case we want to cover: "As a user, I would like some SCCs to be allowed to the users ONLY IF POD IMAGE(S) BELONG TO A WHITE LIST.". 

In some regions, we had to forbid users to deploy images with root user. However, there are some images that only can run as root. What we want to do is to allow only that white list of certified and verified corporate images to be run as root, while any other kind of image should not be allowed.

The way to achieve this (and probably other use cases) would be the ability to restrict an SCC not only to a list of users but also to a white list images. So, if a user with permissions on that SCC tries to deploy an image not present at the white list, he would not be allowed to use that SCC for that.

Image white lists must be specifiable both with image tags names (i.e. "myregistry.local/repo/image:tag") and with SHA256 sums. It is important to support both becase we do need to keep compatibility with v1-only registries, as

As soon as you give a user the ability to run as root in a project with any image, you have the same surface area for attack as if you gave them access to all images as root.  It seems like what you really want is user namespaces to be able to run images as root and not have a security risk.

*** This bug has been marked as a duplicate of bug 1352616 ***

This bug has been identified as a dated (created more than 3 months ago) bug. 
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog, 
however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year. 

As a result of this bugs age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Differed, 
as it is currently not part of the products immediate priorities.

Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.