Currently oc adm policy add-scc-to-user modifies SCC directly but should rather create appropriate ClusterRole and ClusterRoleBinding instead and not modify SCC at all.
PRs in the queue.
Confirmed with latest oc , the issue has fixed: [root@dhcp-140-138 ~]# oc version --client -o yaml clientVersion: buildDate: "2020-05-29T14:24:36Z" compiler: gc gitCommit: 9933eb90790b36d153fcc55f8404724bb0929b96 gitTreeState: clean gitVersion: 4.5.0-202005291417-9933eb9 goVersion: go1.13.4 major: "" minor: "" platform: linux/amd64 [root@dhcp-140-138 ~]# oc adm policy add-scc-to-user privileged testuser-1 clusterrole.rbac.authorization.k8s.io/system:openshift:scc:privileged added: "testuser-1" [root@dhcp-140-138 ~]# oc get clusterrole |grep privileged system:openshift:scc:privileged 2020-06-01T00:28:23Z [root@dhcp-140-138 ~]# oc get clusterrolebinding |grep privileged system:openshift:scc:privileged ClusterRole/system:openshift:scc:privileged 2m49s
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409