    • OCPSTRAT-16 OpenShift - Kubernetes and Core Platform
    • 40% To Do, 0% In Progress, 60% Done

      As an OpenShift admin, I want to make sure my OpenShift is secure, which includes the container and the OS. I want to make sure user access to the container or OS is given as needed, so we can give users enough privileges in the container to do their work and prevent them from escaping to the OS with their container privileges and doing harm to the OS and other containers. For example, a user with root privileges inside a container does not necessarily need to have root privileges in the OS.

       

      More Details 

      User namespaces isolate security-related identifiers and attributes, in particular, user IDs and group IDs, the root directory, keys, and capabilities. A process's user and group IDs can be different inside and outside a user namespace. In particular, a process can have a normal unprivileged user ID outside a user namespace while at the same time having a user ID of 0 inside the namespace; in other words, the process has full privileges for operations inside the user namespace, but is unprivileged for operations outside the namespace.

            Gaurav Singh (gausingh@redhat.com)
            Giuseppe Scrivano
            Matthew Werner
            Derrick Ornelas