Hi, I'm missing some information about the permissions of the user (mainly if they actually have permissions to see virtual machine at this namespace, if they don't "access denied" seems an ok error): do you have view permissions to list virtual machine on all namespaces ? what happen if you try to view pods on restricted namespaces ? if you don't have access to all-namespaces, what happen if you try to view virtual machines on a namespace you do have view permissions on ?
Created attachment 1804716 [details] normal user cannot access v2v-vmware configmap Hi Kobi, The actual error is normal user cannot access the v2v-vmware configmaps in ns "kubevirt-hyperconverged". Error on wizard: configmaps "v2v-vmware" is forbidden: User "test" cannot get resource "configmaps" in API group "" in the namespace "kubevirt-hyperconverged" It has two problems here now: 1. the namespace should be "openshift-cnv", not "kubevirt-hyperconverged". 2. normal user cannot access configmap in "openshift-cnv", it shows this error in command line as well. I think this is caused by fix of bug https://bugzilla.redhat.com/show_bug.cgi?id=1942839, as windows VM need to read data from the v2v-vmware configmao, it prevent normal user to use the wizard. $ oc login -u test -p test $oc get cm -n openshift-cnv Error from server (Forbidden): configmaps is forbidden: User "test" cannot list resource "configmaps" in API group "" in the namespace "openshift-cnv" Workaround: Grant normal user access to project 'openshift-cnv'. $ oc adm policy add-role-to-user view test -n openshift-cnv After it, normal user is able to use the wizard and create the vm.
not a blocker, because it has a workaround, moving severity to high because this effect any non admin user
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days