Bug
Resolution: Won't Do
Minor
When I test Authorization for HTTP traffic [1] without adding any anyuid SCC, the feature that allows GET operations fails.
OCP 4.3
OSSM: 1.1.0
bookinfo : https://github.com/Maistra/bookinfo
docker.io/maistra/examples-bookinfo-details-v1:0.12.0
docker.io/maistra/examples-bookinfo-ratings-v1:0.12.0
docker.io/maistra/examples-bookinfo-reviews-v1:0.12.0
docker.io/maistra/examples-bookinfo-reviews-v2:0.12.0
docker.io/maistra/examples-bookinfo-reviews-v3:0.12.0
docker.io/maistra/examples-bookinfo-productpage-v1:0.12.0
The following steps are described in the istio.io doc [1]. However, they don't work on OCP 4. We need to add the anyuid SCC to pass them.
Problem steps:
3. Run the following command to create the details-viewer policy to allow the productpage workload, which issues requests using the cluster.local/ns/${TESTNS}/sa/bookinfo-productpage service account, to access the details workload through GET methods:
4. Run the following command to create a policy reviews-viewer to allow the productpage workload, which issues requests using the cluster.local/ns/${TESTNS}/sa/bookinfo-productpage service account, to access the reviews workload through GET methods:
5. Run the following command to create the ratings-viewer policy to allow the reviews workload, which issues requests using the cluster.local/ns/${TESTNS}/sa/bookinfo-reviews service account, to access the ratings workload through GET methods:
Workaround:
$ oc adm policy add-scc-to-user anyuid -z bookinfo-productpage -n ${TESTNS}
$ oc adm policy add-scc-to-user anyuid -z bookinfo-reviews -n ${TESTNS}
Is this expected? Should we support this without adding the anyuid SCC?
Ref:
[1] https://archive.istio.io/v1.4/docs/tasks/security/authorization/authz-http/