Post-Update Security Hardening for SCM and Siebel Pods

This topic lists the post-update procedure to move an environment to the hardened-security model after the monthly update is complete. It includes the following topics:

• Prerequisites for Post-Update Security Hardening
• Updating SCM with Custom Non-Root User ID and Group ID
• Updating Siebel with Custom Non-Root User ID and Group ID

Starting with version 26.6, SCM and Siebel support running pods with custom non-root user ID and group ID. This help SCM and Siebel workloads run with custom non-root user ID and group ID that align with the target Kubernetes cluster security policy. When you adopt the enhanced security model, you can configure pods to run with specific runAsUser, runAsGroup, and fsGroup values. This configuration also enables persistent file system ownership to align with the pod security context.

Note: This feature is optional. Configure it only if you want to move to the hardened security model or if the target cluster security policy requires specific non-root user, group, or file system group IDs.