Bug 1575660 - Pro-active Case: VMware Auth with Non-admin details fof CF 4.6
Summary: Pro-active Case: VMware Auth with Non-admin details fof CF 4.6
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers
Version: 5.9.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.9.3
Assignee: Adam Grare
QA Contact: Dave Johnson
Depends On:
TreeView+ depends on / blocked
Reported: 2018-05-07 14:45 UTC by David Luong
Modified: 2018-05-21 13:58 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-05-21 13:21:00 UTC
Category: Inquiry
Cloudforms Team: CFME Core
Target Upstream Version:

Attachments (Terms of Use)

Comment 5 Mike Calizo 2018-05-17 18:51:14 UTC
Update from Brad Ascar:

This is the info we have from Engineering as a quick answer on the minimal permission set. This is not tested and not verified by our QE, but a quick look through code by Eng they think the following *should* be safe. Anything not working is on the team/customer.

* Cancel task
* Log event
* Set custom attribute

I removed Diagnostics and Settings from this list, Diagnostics should only be needed by the host user for smartstate, not for the vSphere user.  I don't think we ever needed Settings but I could be wrong.

With some changes we could probably remove the need to enable any global permissions which is I think where a lot of the concern comes from.

Check all privileges for the following:
* Alarms
* Datacenter
* Datastore
* Datastore cluster
* Distributed switch
* Folder
* Host
* Network
* Profile-driven storage (if your VC is 5.5 or newer)
* Resource
* Scheduled task
* Tasks
* Virtual Machine
* dvPortGroup
* vApp

Comment 6 Adam Grare 2018-05-17 19:01:45 UTC
Hey Mike, what info do you need from me?

Comment 9 Mike Calizo 2018-05-17 19:11:54 UTC
(In reply to Adam Grare from comment #6)
> Hey Mike, what info do you need from me?

Hi Adam, I have attached to the case the updated Vmware privilege from DHS in response to what Brad has provided to us. Can you please review the list?
I also need an advice if I need to proceed with the support exception.

Note You need to log in before you can comment on or make changes to this bug.