Bug 1575660

Summary: Pro-active Case: VMware Auth with Non-admin details fof CF 4.6
Product: Red Hat CloudForms Management Engine Reporter: David Luong <dluong>
Component: ProvidersAssignee: Adam Grare <agrare>
Status: CLOSED NOTABUG QA Contact: Dave Johnson <dajohnso>
Severity: high Docs Contact:
Priority: high    
Version: 5.9.0CC: abellott, agrare, cpelland, dluong, gblomqui, jfrey, jhardy, mcalizo, obarenbo
Target Milestone: GA   
Target Release: 5.9.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-21 13:21:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: Inquiry
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core Target Upstream Version:

Comment 5 Mike Calizo 2018-05-17 18:51:14 UTC
Update from Brad Ascar:

This is the info we have from Engineering as a quick answer on the minimal permission set. This is not tested and not verified by our QE, but a quick look through code by Eng they think the following *should* be safe. Anything not working is on the team/customer.

==
Global:
* Cancel task
* Log event
* Set custom attribute

I removed Diagnostics and Settings from this list, Diagnostics should only be needed by the host user for smartstate, not for the vSphere user.  I don't think we ever needed Settings but I could be wrong.

With some changes we could probably remove the need to enable any global permissions which is I think where a lot of the concern comes from.

Check all privileges for the following:
* Alarms
* Datacenter
* Datastore
* Datastore cluster
* Distributed switch
* Folder
* Host
* Network
* Profile-driven storage (if your VC is 5.5 or newer)
* Resource
* Scheduled task
* Tasks
* Virtual Machine
* dvPortGroup
* vApp

Comment 6 Adam Grare 2018-05-17 19:01:45 UTC
Hey Mike, what info do you need from me?

Comment 9 Mike Calizo 2018-05-17 19:11:54 UTC
(In reply to Adam Grare from comment #6)
> Hey Mike, what info do you need from me?

Hi Adam, I have attached to the case the updated Vmware privilege from DHS in response to what Brad has provided to us. Can you please review the list?
I also need an advice if I need to proceed with the support exception.