Story
Resolution: Done
Critical
CNV v4.20.0
Product / Portfolio Work
The ACM Virt team is doing a lot of work with fine-grained user RBAC. This involves creating IDP users, logging into the ACM console as well as the OCP console directly to access the VirtualMachines pages, and it relies on user RBAC. We are requesting the following from CNV:
- A list of RBAC permissions a user needs to have full functionality of the VirtualMachines console (pods, persistentvolumes, nodes, CPU/memory Prometheus metrics, etc.).
- An answer to the following question: does CNV plan to provide this as its own ClusterRole? Ideally CNV would provide this as a pre-built ClusterRole that we could then consume; this is already being done with the kubevirt roles kubevirt:admin, kubevirt:edit, kubevirt:view, etc.
The end goal is to be able to provide a ClusterRole (or combination) that will give a VM admin all the necessary permissions that they need.
Let me know if you need any further clarifications. The ACM ticket this is related to is this one: ACM-22869.