Skip to content

Commit

Permalink
OSDOCS-3554: Adding info on restricted-v2 SCC
Browse files Browse the repository at this point in the history
  • Loading branch information
@bergerhoffer
bergerhoffer authored and openshift-cherrypick-robot committed Jul 21, 2022
1 parent a2a3c2c commit eeddce9
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions migrating_from_ocp_3_to_4/planning-migration-3-4.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,6 +201,13 @@ For more information, see xref:../authentication/understanding-identity-provider

Newly created OAuth HTTP bearer tokens no longer match the names of their OAuth access token objects. The object names are now a hash of the bearer token and are no longer sensitive. This reduces the risk of leaking sensitive information.

[discrete]
==== Default security context constraints

The `restricted` security context constraints (SCC) in {product-title} 4 can no longer be accessed by any authenticated user as the `restricted` SCC in {product-title} 3.11. The broad authenticated access is now granted to the `restricted-v2` SCC, which is more restrictive than the old `restricted` SCC. The `restricted` SCC still exists; users that want to use it must be specifically given permissions to do it.

For more information, see xref:../authentication/managing-security-context-constraints.adoc#managing-pod-security-policies[Managing security context constraints].

[id="migration-preparing-monitoring"]
=== Monitoring considerations

Expand Down

0 comments on commit eeddce9

Please sign in to comment.