Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-26070

Fleet Virtualization: fine-grained RBAC user missing storage class information

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • ACM 2.15.0
    • Search
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • False
    • Moderate
    • None

      Description of problem:

      Fine-grained RBAC users do not have permission to see PersistentVolumeClaims in search results, disabling part of the Fleet Virtualization UI.

      Version-Release number of selected component (if applicable):

      ACM 2.15.0

      How reproducible:

      Always

      Steps to Reproduce:

      1. Enable fine-grained RBAC
      2. Create a user that has kubevirt.io:view and/or kubevirt.io-acm-managed:view for some clusters with VMs via ClusterPermission
      3. View the Fleet Virtualization VM list
      4. Enable the Storage class column

      Actual results:

      Storage class column is empty. Advanced search has no options under Storage class.

      Expected results:

      Fine-grained RBAC user should see same data as kube:admin in this case.

      Additional info:

      Ultimately this permission should be granted by making the fine-grained RBAC more generic and applying it to the kubevirt.io-acm-managed:view ClusterRole which includes permission to view PersistentVolumeClaims. As a temporary solution, we can add this permission to the hardcoded list included when the kubevirt.io:view role is detected.

        1. image-2025-11-04-14-15-51-201.png
          1.04 MB
          Kevin Cormier

              jpadilla@redhat.com Jorge Padilla
              rh-ee-kcormier Kevin Cormier
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: