|Summary:||Pro-active Case: VMware Auth with Non-admin details fof CF 4.6|
|Product:||Red Hat CloudForms Management Engine||Reporter:||David Luong <dluong>|
|Component:||Providers||Assignee:||Adam Grare <agrare>|
|Status:||CLOSED NOTABUG||QA Contact:||Dave Johnson <dajohnso>|
|Version:||5.9.0||CC:||abellott, agrare, cpelland, dluong, gblomqui, jfrey, jhardy, mcalizo, obarenbo|
|Fixed In Version:||Doc Type:||If docs needed, set a value|
|Doc Text:||Story Points:||---|
|Last Closed:||2018-05-21 13:21:00 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||CFME Core||Target Upstream Version:|
Comment 5 Mike Calizo 2018-05-17 18:51:14 UTC
Update from Brad Ascar: This is the info we have from Engineering as a quick answer on the minimal permission set. This is not tested and not verified by our QE, but a quick look through code by Eng they think the following *should* be safe. Anything not working is on the team/customer. == Global: * Cancel task * Log event * Set custom attribute I removed Diagnostics and Settings from this list, Diagnostics should only be needed by the host user for smartstate, not for the vSphere user. I don't think we ever needed Settings but I could be wrong. With some changes we could probably remove the need to enable any global permissions which is I think where a lot of the concern comes from. Check all privileges for the following: * Alarms * Datacenter * Datastore * Datastore cluster * Distributed switch * Folder * Host * Network * Profile-driven storage (if your VC is 5.5 or newer) * Resource * Scheduled task * Tasks * Virtual Machine * dvPortGroup * vApp
Comment 6 Adam Grare 2018-05-17 19:01:45 UTC
Hey Mike, what info do you need from me?
Comment 9 Mike Calizo 2018-05-17 19:11:54 UTC
(In reply to Adam Grare from comment #6) > Hey Mike, what info do you need from me? Hi Adam, I have attached to the case the updated Vmware privilege from DHS in response to what Brad has provided to us. Can you please review the list? I also need an advice if I need to proceed with the support exception.