openshift-docs/modules/storage-ephemeral-vols-security.adoc

// Module included in the following assemblies:
//
// * storage/generic-ephemeral-vols.adoc
//* microshift_storage/generic-ephemeral-volumes-microshift.adoc


:_content-type: CONCEPT
[id="generic-ephemeral-security_{context}"]
= Security

Enabling the generic ephemeral volume feature allows users to create persistent volume claims (PVCs) indirectly if they can create pods, even if they do not have permission to create PVCs directly. Cluster administrators must be aware of this. If this does not fit their security model, they should use an admission webhook that rejects objects like pods that have a generic ephemeral volume.

The normal namespace quota for PVCs still applies, so even if users are allowed to use this new mechanism, they cannot use it to circumvent other policies.