
"User "system" cannot get securitycontextconstraints at the cluster scope" in OpenShift 3


If I try to add a security constraint to a local OpenShift all-in-one cluster running in Windows 10 Pro and Hyper-V, the OpenShift client receives the following message:

c:\openshift\oc.exe adm policy add-scc-to-user anyuid -z default
Error from server (Forbidden): User "system" cannot get securitycontextconstraints at the cluster scope"

The OpenShift instance was created by docker machine using the following steps:

1) docker-machine create -d "hyperv" --engine-insecure-registry 172.30.0.0/16 --hyperv-virtual-switch "openshift" openshift 
2) oc cluster up --docker-machine=openshift

Is there any configuration to allow the system user to have access to securitycontextconstraints?


Solution

  • Try running:

    docker exec origin oc adm policy add-scc-to-user anyuid -z default -n projectname
    

    This will run oc inside of the OpenShift cluster where it should run as an admin.

    I would suggest also running:

    docker exec origin oc adm policy add-cluster-role-to-group sudoer system:authenticated yourusername
    

    That way you can in future run admin commands by running:

    oc adm policy add-scc-to-user anyuid -z default -n projectname --as system:admin
    

    That is, by using --as system:admin to impersonate admin.

    You may want to consider using Minishift instead of oc cluster up as it, from memory, gives the developer user the sudoer role by default and so can use --as system:admin to execute admin commands.