If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
Here is a basic illustration of how a user, group or service account get mapped to permissions.
Role Bindings and Security Context Constraint are similar in that they both are access control mechanisms.
The oc adm policy who-can command can be used to determine if a user or group has permission to perform an action on a resource, such as creating, updating, or deleting a config map, deployment, pod, project, secret, et cetera.
~]$ oc adm policy who-can create secret --namespace openshift-config
Namespace: openshift-config
Verb: create
Resource: secrets
Users: system:admin
system:serviceaccount:my-project:my-service-account
Groups: my-group
Openshift_Admin
system:cluster-admins
Role Bindings, or Role Based Access Control (RBAC), contain the mapping of user, group, or service account to a role.
The following roles can be used.
You may want to Add or Remove a Role Binding from a User Group or Service Account.