Status: IN
In PodSecurityPolicySubjectReview, if `user` is specified without `groups`, the user is tested as if belonging to no groups; if both are empty, only the `serviceAccountName` from the template is evaluated
Source: entries/2026/03/05/en-documentation-openshift_container_platform-417-html-security_apis-podsecurity.md
JSON