If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

By default, a Service Account will not be assigned to a Role Binding or a Cluster Role Binding or a Security Context Constraint (SCC). Typically, Service Accounts are used to:

• Run a deployment with a Service Account so that the pods are run with the Security Context Constraint associated with the Service Account
• To associate the Service Account with a Role Binding or Cluster Role Binding to contol what the service account is allowed to do in a namespace 

The oc create serviceaccount (or oc create sa) command can be used to create a Service Account.

oc create serviceaccount my-service-account

The --namespace option can be used to create the Service Account in a certain namespace.

oc create serviceaccount my-service-account --namespace my_project

Or, a JSON or YAML file can be used.For example, let's say you have a YAML file that contains the following markup.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-service-account
  namespace: default

The oc apply or oc create command with the -f or --filename option can be used to create the pod using the template JSON or YAML file.

The oc replace command can be used to replace a pod using a new or updated template JSON or YAML file.

The oc edit command can be used to update a pods template YAML file.

~]$ oc create -f serviceaccount.yml 
serviceaccount/my-service-account created

The oc get serviceaccounts (or just oc get sa) command can be used to list the Service Accounts that have been created in the current project / namespace.

~]$ oc get serviceaccounts
NAME                  SECRETS   AGE
default               2         388d
my-servie-account     2         112s

The oc describe serviceaccount command can be used to show more details of a specific Service Account.

~]$ oc describe serviceaccount my-service-account
Name:                my-service-account
Namespace:           default
Labels:              <none>
Annotations:         <none>
Image pull secrets:  my-service-account-dockercfg-57b6r
Mountable secrets:   my-service-account-token-sfrpr
                     my-service-account-dockercfg-57b6r
Tokens:              my-service-account-token-6x45k
                     my-service-account-token-sfrpr
Events:              <none>

By default, this should create a secret containing a token that the Service Account can use to authenticate to OpenShift.

~]$ oc get secret my-service-account-token-js959 --namespace my_project --output jsonpath="{.data.token}" | base64 --decode
eyJhbGciOiJSUzI1NiIsImtpZCI6InhlOXdWYjdVYV9qOXk2RVZ2X0JVV1ZZTnZXTy0yR2xRVDhMOEpOUVBnVmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJvcGVuc2hpZnQtZ2l0b3BzIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Im15LXNlcnZpY2UtYWNjb3VudC10b2tlbi1qczk1OSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteS1zZXJ2aWNlLWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZjE2NjQyOS1jMzgzLTRlNzEtOGRmZS0yYTYyY2JhYmE0NWYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6b3BlbnNoaWZ0LWdpdG9wczpteS1zZXJ2aWNlLWFjY291bnQifQ.Idd7VeoZhDofAiu8ebo8kUxVleeIlkzv8srwpWX0pdefTsqlgJPhzj5rnntK5QyhoQbFRAjPgcnNIixAeiYzUvmUf1H1KlRF2oTih0a7BknIjNRGovn3v3YaWJf6lkkJMWLRGuPWo7tEREOZJtMi-_3Nck5o0R7zSfNCUPC8fwx4es2x4EF4Lm6jaR0IJfcgHuGEjyO4gGTOyZScwzBgrl-HRiNqb2RBeY7_hBAckln3ceX3HKu8XovMgFIoNgk-TXxBs4MHjofCMcj8mxgJObLZwAfgIKvixUQMMKFbGHD0-QO9XcLj6E9X4oM2WeD67RJZcu3TYFnP0V4LiZZ_GWq1HCvH7h7hy9tKd9_9Cbioxw4YO1WtBxapZghtE_ZVnVDX8U-xcO1n0T9WyUkkWFHKipvbZBnDkAtjX3I1Du33pPmg1Xo8mf7EMzNRkqZdP2xyGMwss6Pw9B0PG7P3U1aPguF_dGhxVNvAI4zZIDRpmiLwHvd2t7D3gGCFTCM06pyZjImOFZg4LvrqaYQZAnNWzUBqdXNg-LAuRIGz3X3SfAun1aPTFG9xA8eh08c8aKD8KvjPkfwG_QldYOzcwgumwWlzRRBeA_ozZF-66a83A91nLApcgRLXupcucrNJuMiirUL_Dl7mTnwiaxhMjT3o86RRx_hMS2z5c9liwV8

If the purpose of the Service Account is to have an account that has certain permissions (such as view or cluster-admin), then you will want to Add or Remove a Role Binding from a User Group or Service Account.

~]$ oc adm policy add-cluster-role-to-user basic-user -z my-service-account
clusterrole.rbac.authorization.k8s.io/basic-user added: "my-service-account"

If the purpose of the Service Account is to set the Security Context Constraint for pods in the project, then you will want to Add a Security Context Constraint to a User or Group or Service Account.

~]$ oc adm policy add-scc-to-user restricted -z my-service-account
clusterrole.rbac.authorization.k8s.io/system:openshift:scc:restricted added: "my-service-account"