Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: Console
Labels:
- acmrbac

Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Openshift virtualization UI integration
Intelligence Requested:
Market:

Regression:
None

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

For multicluster support in the CNV UI, we are dependent on the fine-grained-rbac-preview feature in ACM.

Current setup involves:

Following instructions at https://github.com/stolostron/rhacm-docs/blob/2.14_stage/secure_cluster/fine_grain_rbac_ui.adoc to enable the feature and create basic prerequisite role bindings
Bind specific users to clusters and namespaces using the Access control UI in ACM, using the built-in kubevirt roles like kubevirt.io:admin, kubevirt.io:edit, and kubevirt.io:view

We need to determine what other permissions are required by the CNV UI for a full user experience. Currently we know the Pod for a VM will not show with this set of permissions, and there is optional permission required to show Nodes.

relates to

ACM-22869 ClusterRoles for extended VM resources (including the existing kubevirt role permissions)

Testing

CNV-67010 VirtualMachines console page - necessary RBAC

Closed

Assignee:: Ugo Palatucci

Reporter:: Kevin Cormier

QA Contact:: Guohua Ouyang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/07/31 2:32 PM

Updated:: 2025/10/09 7:40 PM

Resolved:: 2025/09/17 6:35 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates