Value Statement

ACM shipped these custom virt roles for 2.15:

kubevirt.io-acm-hub:admin
kubevirt.io-acm-hub:view
kubevirt.io-acm-managed:admin
kubevirt.io-acm-managed:view

https://github.com/stolostron/multiclusterhub-operator/blob/main/pkg/templates/charts/toggle/fine-grained-rbac/templates/acm-roles-addontemplate.yaml

We need to finalize them and make sure they are GA ready for 2.16. Some considerations are:

• security (least privilege)
• namespace vs cluster scoped resources
  • should we combine into single roles or separate
• validate that no use cases are missing for a VM admin

Finalize with PM (Christian Stark) and architects (Joydeep + Josh)

Definition of Done for Engineering Story Owner (Checklist)

• ...

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the Customer

Portal Doc template that you can access from [The Playbook](

https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

and ensure doc acceptance criteria is met.

• Call out this sentence as it's own action:

• [ ] Link the development issue to the doc issue.

Support Readiness

• [ ] The must-gather script has been updated.