Hide Forgot
As you know, access control in RHV is based on assigning specific roles for certain groups/users. However, in case of insufficiency permissions, log shows us some like: 2016-11-08 11:58:35,040 INFO [org.ovirt.engine.core.bll.AttachUserToVmFromPoolAndRunCommand] (ajp-/127.0.0.1:8702-4) [350cfcd5] No permission found for user '73a99b02-04b5-4d8d-b94e-5b97fb25e0f4' or one of the groups he is member of, when running action 'AttachUserToVmFromPoolAndRun', Required permissions are: Action type: 'USER' Action group: 'VM_POOL_BASIC_OPERATIONS' Object type: 'VM Pool' Object ID: 'b3130286-f30c-437e-9aea-71160807ba3b'. After this admin should guess a role(s) that allows run certain command. (There are can be many of them, as default as well as created by admin.) I propose to write a tool that would simplify such guessing. By providing a list of available roles that grant execution of specific command. It could be a cmdline tool or a part of adminportal.
You can take a look at the roles either in the UI or the API, and find the action group. I don't see us adding and maintaining a utility for that use. Closing as WONTFIX.