XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Critical
Fix Version/s: ACM 2.15.0
Affects Version/s: ACM 2.14.0
Component/s: Container Native Virtualization
Labels:
- acmrbac

Epic Name:
rbac-vm-related-resources
Work Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
Parent Link:
VIRTSTRAT-51Enable fine-grained RBAC support in ACM for Virt use cases
Hierarchy Progress Bar:

67% To Do, 33% In Progress, 0% Done

Severity:
Critical

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

Intelligence Requested:
Market:

OCP/Telco Definition of Done
https://docs.google.com/document/d/1TP2Av7zHXz4_fmeX4q9HB0m9cqSZ4F6Jd4AiVoaF_2s/edit#heading=h.gaa58bzbvwde
Epic Template descriptions and documentation.
https://docs.google.com/document/d/14CUCEg6hQ_jpsFzJtWo29GfFVWmun2Uivrxq3_Fkgdg/edit
ACM-wide Product Requirements (Top-level Epics)
https://docs.google.com/document/d/1uIp6nS2QZ766UFuZBaC9USs8dW_I5wVdtYF9sUObYKg/edit

*<--- Cut-n-Paste the entire contents of this description into your new
Epic --->*

Epic Goal

To provide a VM admin the necessary access to manage VirtualMachine related resources. This includes the VM pod, attached secrets/configmaps, storage (PV, PVC), networking (NetworkAttachmentDefinition), etc. The current VM admin permissions (kubevirt:admin) does not include any of these related resources.

Why is this important?

VM admins need to be able to view/modify VM related resources in order to troubleshoot issues. If they do not have, then their troubleshooting ability will be limited.

Scenarios

VM admin can access all related VM resources with modify permissions
VM view permissions can access the same as above, but in read only
Permissions can be cluster wide as well as namespaced

Acceptance Criteria

VM related resources are viewable from ACM search Virtual Machines page
Through ClusterPermission, a role can be applied that provides access to all related/needed VM resources on managed clusters.
Both ACM and OCP VM console pages are fully functioning through the extended VM roles provided from #2

Dependencies (internal and external)

Previous Work (Optional):

Open questions:

Done Checklist

CI - CI is running, tests are automated and merged.
Release Enablement <link to Feature Enablement Presentation>
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Doc issue opened with a completed template. Separate doc issue
opened for any deprecation, removal, or any current known
issue/troubleshooting removal from the doc, if applicable.
Considerations were made for Extended Update Support (EUS)

Assignee:: Matthew Short

Reporter:: Matthew Short

QA Contact:: Atif Shafi

Architect:: Joydeep Banerjee

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/08/04 9:43 PM

Updated:: 2025/08/21 2:28 PM

Details

Description

Epic Goal

Why is this important?

Scenarios

Acceptance Criteria

Dependencies (internal and external)

Previous Work (Optional):

Open questions:

Done Checklist

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide