What is the name of the role that allows one to use oc/kubectl port-forward?

6/8/2018

I'd like to create a Service Account which is allowed to do oc port-forward on OpenShift.com Online (AKA kubectl port-forward on Kubernetes), but can't for the life of me figure out which of the many roles I see in oc get clusterrole would permit that? (oc get role is empty.)

error: error upgrading connection: pods "minecraft-storeys-maker-40-ps85h" is forbidden: User "system:serviceaccount:learn-study:oc-port-forward-container" cannot create pods/portforward in the namespace "learn-study": User "system:serviceaccount:learn-study:oc-port-forward-container" cannot create pods/portforward in project "learn-study"

So based on this error message I've tried "pods/portforward", but no good:

oc policy add-role-to-user pods/portforward -z oc-port-forward-container
Error from server (BadRequest): Name parameter invalid: "pods/portforward": may not contain '/'

Also just "portforward" is no good:

oc policy add-role-to-user portforward -z oc-port-forward-container 
Error from server (NotFound): rolebindings.authorization.openshift.io "portforward" not found

It's for https://github.com/OASIS-learn-study/oc-port-forward-container.

-- vorburger
kubernetes
kubernetes-security
openshift

1 Answer

1/22/2019

In OpenShift the edit and admin cluster roles should have create permissions on pods/portforward.

-- switchboard.op
Source: StackOverflow
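A narrower alternative to binding `edit` or `admin`, added here as an example that is not part of the original question or answer: `pods/portforward` is a resource, not a role name, so it has to be wrapped in a Role that is then bound to the service account. The name `port-forwarder` is hypothetical, the namespace and service account come from the error message in the question, and the manifest assumes the `rbac.authorization.k8s.io/v1` API is served and that you are allowed to create Role objects in the project.

```yaml
# Added example: least-privilege Role for port-forwarding only.
# "port-forwarder" is a hypothetical name; namespace and service account
# are the ones shown in the "forbidden" error in the question.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: port-forwarder
  namespace: learn-study
rules:
  # The error names the missing permission exactly:
  # verb "create" on the subresource "pods/portforward".
  - apiGroups: [""]
    resources: ["pods/portforward"]
    verbs: ["create"]
  # The client reads the pod before opening the tunnel,
  # so read access on pods is needed as well.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: port-forwarder
  namespace: learn-study
subjects:
  - kind: ServiceAccount
    name: oc-port-forward-container
    namespace: learn-study
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: port-forwarder
# Verify the grant without opening a tunnel:
#   oc auth can-i create pods --subresource=portforward -n learn-study \
#     --as=system:serviceaccount:learn-study:oc-port-forward-container
```

Compared with `edit`, this binding does not let the service account modify or delete workloads in the project.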