diff --git a/api/deploy/ocp/scc.yaml b/api/deploy/ocp/scc.yaml
index 921a651a3..2fa075779 100644
--- a/api/deploy/ocp/scc.yaml
+++ b/api/deploy/ocp/scc.yaml
@@ -20,6 +20,8 @@ allowHostPID: true
 allowHostIPC: true
 # Set to false as we write to RootFilesystem inside csi containers
 readOnlyRootFilesystem: false
+requiredDropCapabilities:
+  - ALL
 runAsUser:
   type: RunAsAny
 seLinuxContext:
diff --git a/deploy/scc.yaml b/deploy/scc.yaml
index 592fd2748..fbc4961a2 100644
--- a/deploy/scc.yaml
+++ b/deploy/scc.yaml
@@ -27,6 +27,8 @@ allowHostPID: true
 allowHostIPC: true
 # Set to false as we write to RootFilesystem inside csi containers
 readOnlyRootFilesystem: false
+requiredDropCapabilities:
+  - ALL
 runAsUser:
   type: RunAsAny
 seLinuxContext:
diff --git a/vendor/github.com/ceph/ceph-csi/api/deploy/ocp/scc.yaml b/vendor/github.com/ceph/ceph-csi/api/deploy/ocp/scc.yaml
index 921a651a3..2fa075779 100644
--- a/vendor/github.com/ceph/ceph-csi/api/deploy/ocp/scc.yaml
+++ b/vendor/github.com/ceph/ceph-csi/api/deploy/ocp/scc.yaml
@@ -20,6 +20,8 @@ allowHostPID: true
 allowHostIPC: true
 # Set to false as we write to RootFilesystem inside csi containers
 readOnlyRootFilesystem: false
+requiredDropCapabilities:
+  - ALL
 runAsUser:
   type: RunAsAny
 seLinuxContext: