{"id":"openshift-extends-k8s-authorization-model","text":"OpenShift has dual authorization systems: its own authorization API group alongside the Kubernetes RBAC API, with OpenShift-specific resources (SCC, ClusterRoles like self-provisioner) layered on top.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[{"type":"SL","antecedents":["ocp-two-authorization-api-groups","openshift-has-own-authorization-api","scc-api-group-security-openshift","default-clusterroles-list"],"outlist":[],"label":"Parallel authorization APIs reflect OpenShift's extension of Kubernetes security model"}],"dependents":["authorization-and-resource-governance-model","identity-to-authorization-governance-chain"],"metadata":{},"explanation":{"steps":[{"node":"openshift-extends-k8s-authorization-model","truth_value":"IN","reason":"SL justification valid","antecedents":["ocp-two-authorization-api-groups","openshift-has-own-authorization-api","scc-api-group-security-openshift","default-clusterroles-list"],"label":"Parallel authorization APIs reflect OpenShift's extension of Kubernetes security model"},{"node":"ocp-two-authorization-api-groups","truth_value":"IN","reason":"premise"},{"node":"openshift-has-own-authorization-api","truth_value":"IN","reason":"premise"},{"node":"scc-api-group-security-openshift","truth_value":"IN","reason":"premise"},{"node":"default-clusterroles-list","truth_value":"IN","reason":"premise"}]}}