diff --git a/scc-remove.sh b/scc-remove.sh
new file mode 100755
index 0000000..d422ab1
--- /dev/null
+++ b/scc-remove.sh
@@ -0,0 +1,4 @@
+oc adm policy remove-scc-from-user privileged -z minio-sa -n minio
+oc adm policy remove-scc-from-user anyuid -z minio-sa -n minio
+oc adm policy remove-scc-from-user privileged -z default -n minio
+oc adm policy remove-scc-from-user anyuid -z default -n minio
diff --git a/values.yaml b/values.yaml
index c5031b4..4121c92 100644
--- a/values.yaml
+++ b/values.yaml
@@ -200,8 +200,7 @@ service:
 ingress:
 enabled: true
 ingressClassName: openshift-default
- labels:
- {}
+ labels: {}
 # node-role.kubernetes.io/ingress: platform
 annotations:
 kubernetes.io/ingress.class: openshift-default
@@ -245,8 +244,7 @@ consoleService:
 consoleIngress:
 enabled: true
 ingressClassName: openshift-default
- labels:
- {}
+ labels: {}
 # node-role.kubernetes.io/ingress: platform
 annotations:
 kubernetes.io/ingress.class: openshift-default
@@ -277,11 +275,11 @@ topologySpreadConstraints: []
 ## Add stateful containers to have security context, if enabled MinIO will run as this
 ## user and group NOTE: securityContext is only enabled if persistence.enabled=true
-securityContext:
- enabled: false
- #runAsUser: 1000
- #runAsGroup: 1000
- #fsGroup: 1000
+securityContext: #unavoidable to wd-mycloud all_squash to 501/1000. appropriate SCC has been applied to prevent future drift
+ enabled: true
+ runAsUser: 501
+ runAsGroup: 1000
+ fsGroup: 1000
 #fsGroupChangePolicy: "OnRootMismatch"
 containerSecurityContext:
@@ -399,8 +397,7 @@ makeUserJob:
 ## List of service accounts to be created after minio install
 ##
-svcaccts:
- []
+svcaccts: []
 ## accessKey, secretKey and parent user to be assigned to the service accounts
 ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts
 # - accessKey: console-svcacct
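Review bot: The new script has no shebang and no error handling, so a failed `oc` call (expired login, wrong cluster context) does not stop it and the exit status reflects only the last of the four removals. Starting it with `#!/usr/bin/env bash` and `set -euo pipefail` would make a partial removal visible. `remove-scc-from-user` acts on the grant to the named service account only, so it is worth confirming after the next rollout which SCC actually admitted the pods, via their `openshift.io/scc` annotation, in case `privileged` or `anyuid` is still reachable through a group or another role binding.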
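Review bot: The inline comment on `securityContext:` says an appropriate SCC has been applied, but nothing in the visible hunks creates or binds one, and the same commit adds a script that removes `privileged` and `anyuid` from `minio-sa`. A fixed `runAsUser: 501` is normally outside the UID range that the default restricted SCC enforces for a namespace, so pod admission appears to depend on an SCC that is not tracked here. The comment should name it and sit on its own line above the key, e.g. `# UID 501 / GID 1000 match the wd-mycloud export's all_squash mapping; admitted by SCC <scc-name> bound to minio-sa`, and the SCC manifest or binding would ideally live in this repository. The chart's own NOTE in the context lines states that this block only takes effect when `persistence.enabled=true`, whose value is outside this hunk.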
@@ -439,8 +436,7 @@ makeServiceAccountJob:
 ## List of buckets to be created after minio install
 ##
-buckets:
- []
+buckets: []
 # # Name of the bucket
 # - name: bucket1
 # # Policy to be set on the
@@ -489,15 +485,13 @@ customCommandJob:
 requests:
 memory: 128Mi
 ## Additional volumes to add to the post-job.
- extraVolumes:
- []
+ extraVolumes: []
 # - name: extra-policies
 # configMap:
 # name: my-extra-policies-cm
 ## Additional volumeMounts to add to the custom commands container when
 ## running the post-job.
- extraVolumeMounts:
- []
+ extraVolumeMounts: []
 # - name: extra-policies
 # mountPath: /mnt/extras/
 # Command to run after the main command on exit
@@ -587,8 +581,7 @@ metrics:
 # for node metrics
 relabelConfigs: {}
 # for cluster metrics
- relabelConfigsCluster:
- {}
+ relabelConfigsCluster: {}
 # metricRelabelings:
 # - regex: (server|pod)
 # action: labeldrop