Migration Toolkit for Virtualization / MTV-3621

[DOC] CopyOffload minimum VMWARE provider permissions

      Description of problem:

      Following the MTV minimum permissions role, I created a user with that role assigned at eco-vcenter's root level with trickle down, created a storage provider and map, and tried to migrate a VM.
      Populator pod fails:
      11:34:14.547467 1 client.go:60] Failed to run esxcli command: <nil> ServerFaultCode: Permission to perform this operation was denied. soap.soapFaultError
      I1026 11:34:14.547512 1 vsphere-xcopy-volume-..

      The same error was reproduced with a second role/user which does indeed lack datastore access rights; it too hit this same error.

      Link to minimum permissions

      Version-Release number of selected component (if applicable):

      MTV 2.10
      OCP 4.19

      How reproducible:

      Always / N%
      

      Steps to Reproduce:

      1. Created the needed role on vmware 
      2. Create a user with said role (MTV_minimum_permissions)
      3. Assign the user permissions on vmware (mtv-permision@... )
      4. Create a vmware provider with said user (eco-vsphere-min-permissions)
      5. Create a storage map with said provider (should pass)
      6. Try to migrate a vm, migration fails with populator error:
      
      I1026 11:34:14.504226 1 remote_esxcli.go:107] Debug: UseSSHMethod field value: false
      I1026 11:34:14.504239 1 remote_esxcli.go:113] Debug: Set cloneMethod to VIB
      I1026 11:34:14.504243 1 remote_esxcli.go:116] Starting populate via remote esxcli vmkfstools (vib), source vmdk=[eco-iscsi-ds3] tshefi-linux9_1/tshefi-linux9.vmdk, pv={pvc-070e8a8d-98e4-4e3a-b2c4-cdff5bbda9ba pvc-070e8a8d-98e4-4e3a-b2c4-cdff5bbda9ba map[backendUUID:4ba678e5-0d3a-4f05-bdda-e516e3f2e157 internalName:trident_pvc_070e8a8d_98e4_4e3a_b2c4_cdff5bbda9ba name:pvc-070e8a8d-98e4-4e3a-b2c4-cdff5bbda9ba protocol:block storage.kubernetes.io/csiProvisionerIdentity:1760616938134-3672-csi.trident.netapp.io]}
      I1026 11:34:14.504326 1 vsphere-xcopy-volume-populator.go:355] Staring metrics server
      found vm VirtualMachine:vm-64084 @ /Eco-Datacenter/vm/tshefi-vms/tshefi-linux9
      I1026 11:34:14.519579 1 remote_esxcli.go:125] Got ESXi host: HostSystem:host-12657
      I1026 11:34:14.519601 1 vib.go:27] ensuring vib version on ESXi : 0.1.1
      I1026 11:34:14.526397 1 client.go:57] about to run esxcli command [software vib get -n vmkfstools-wrapper]
      E1026 11:34:14.547467 1 client.go:60] Failed to run esxcli command: <nil> ServerFaultCode: Permission to perform this operation was denied. soap.soapFaultError
      I1026 11:34:14.547512 1 vsphere-xcopy-volume-populator.go:204] channel quit failed to ensure VIB is installed: failed to get the VIB version from ESXi : ServerFaultCode: Permission to perform this operation was denied.
      F1026 11:34:14.547520 1 vsphere-xcopy-volume-populator.go:206] failed to ensure VIB is installed: failed to get the VIB version from ESXi : ServerFaultCode: Permission to perform this operation was denied.

      Actual results:

      The populator pod lacks permissions to check the VIB; I wonder what will happen with the ssh method.

      Expected results:

      I guess we need to add some lacking permission to the MTV doc for the VIB method to work; once added, I would hope it works.

      Additional info:

       

              richard.hoch Richard Hoch
              tshefi@redhat.com Tzach Shefi
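
Added triage example (not part of the original report and not MTV code): Python that splits populator pod klog output pasted as one run-together line, as in the log above, and reports which esxcli command was rejected with the permission fault, so the restricted role can be checked against that specific operation. The sample input is an excerpt of the log in this report; the function names are hypothetical.

```python
import re

# klog entry header: severity letter, MMDD, time, thread id, "file:line] "
HEADER = r"[IWEF]\d{4} \d{2}:\d{2}:\d{2}\.\d{6} +\d+ [\w.\-]+:\d+\] "
ENTRY = re.compile(r"([IWEF])\d{4} (\S+) +\d+ ([\w.\-]+:\d+)\] (.*)", re.S)
ESXCLI_START = re.compile(r"about to run esxcli command \[(.*?)\]")
DENIED = "Permission to perform this operation was denied"

# Excerpt of the log in this report, run together the way it was pasted.
SAMPLE = (
    "I1026 11:34:14.519579 1 remote_esxcli.go:125] Got ESXi host: HostSystem:host-12657"
    "I1026 11:34:14.519601 1 vib.go:27] ensuring vib version on ESXi : 0.1.1"
    "I1026 11:34:14.526397 1 client.go:57] about to run esxcli command "
    "[software vib get -n vmkfstools-wrapper]"
    "E1026 11:34:14.547467 1 client.go:60] Failed to run esxcli command: <nil> "
    "ServerFaultCode: Permission to perform this operation was denied. soap.soapFaultError"
    "F1026 11:34:14.547520 1 vsphere-xcopy-volume-populator.go:206] failed to ensure VIB "
    "is installed: failed to get the VIB version from ESXi : ServerFaultCode: "
    "Permission to perform this operation was denied."
)

def split_klog(blob):
    """Split klog text into entries, even when newlines between entries were lost."""
    entries = []
    for chunk in re.split("(?=" + HEADER + ")", blob):
        m = ENTRY.match(chunk.strip())
        if m:  # text before the first header, or non-klog noise, is skipped
            sev, ts, src, msg = m.groups()
            entries.append({"sev": sev, "time": ts, "src": src, "msg": msg.strip()})
    return entries

def denied_esxcli_commands(entries):
    """Pair each permission-denied error with the esxcli command logged before it."""
    findings, pending = [], None
    for e in entries:
        started = ESXCLI_START.search(e["msg"])
        if started:
            pending = started.group(1)
        elif e["sev"] == "E" and "Failed to run esxcli command" in e["msg"]:
            if DENIED in e["msg"]:
                findings.append({"time": e["time"], "src": e["src"], "command": pending})
            pending = None  # the command finished (with some error); reset
    return findings

if __name__ == "__main__":
    for f in denied_esxcli_commands(split_klog(SAMPLE)):
        print(f"{f['time']} {f['src']}: esxcli [{f['command']}] denied")
```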