Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: ACM 2.16.0
Affects Version/s: ACM 2.14.0, ACM 2.15.0
Component/s: Container Native Virtualization, Search
Labels:

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
rbac-vm-related-resources
Intelligence Requested:
Market:

Severity:
Critical

Regression:
None

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

Description of problem:

When fine grained RBAC is enabled, search bypasses check for create managedclusterview permissions. This breaks UI Policy and Application pages and only allows users with cluster-admin ClusterRoleBinding on the hub to see non-kubevirt resources in search.

Version-Release number of selected component (if applicable): 2.14, 2.15

How reproducible: always

Steps to Reproduce:

Enable fine grained rbac TP feature
kubectl create clusterrolebinding view_qe-admin-user --clusterrole=view --user=qe-admin-user
kubectl auth can-i create managedclusterview -A (should return yes - view ClusterRole includes create managedclusterview permissions)

Actual results:

Check ACM Search UI as qe-admin-user; no managed cluster resources are shown

Expected results:

Managed cluster resources should be shown because user has create managedclusterview permissions

Additional info:

blocks

ACM-21065 Fine-grained RBAC for Virtualization GA in Search (2.16)

Assignee:: Jorge Padilla

Reporter:: Matthew Short

QA Contact:: Atif Shafi

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/11/05 4:06 PM

Updated:: 2025/11/21 2:10 AM

Details

Description

Description of problem:

Version-Release number of selected component (if applicable): 2.14, 2.15

How reproducible: always

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates