Created attachment 1922658 [details] view only user to visit VM VNC console Description of problem: It should give a permission error when user click VNC play or VNC connect button for view only user. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. create a running vm in a project 2. create a non-admin user and assign view only permission to the project $ oc adm policy add-role-to-user view test -n default 3. view the VM VNC console Actual results: nothing happens when clicking the VNC play button Expected results: Give an error like the command line: $ virtctl vnc -n ecosystem-engineering centos-stream8-slight-hamster Can't access VMI centos-stream8-slight-hamster: virtualmachineinstances.subresources.kubevirt.io "centos-stream8-slight-hamster" is forbidden: User "dkenigsb" cannot get resource "virtualmachineinstances/vnc" in API group "subresources.kubevirt.io" in the namespace "ecosystem-engineering" Additional info:
Instead of giving errors for specific action, I think it would be better to disable these active element for the view only user. So I logged a bug to review all active elements on VM and Template pages: https://bugzilla.redhat.com/show_bug.cgi?id=2140539 If we prefer to do it in bug 2140539, this one can be closed.
verified on v4.12.0-172
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.12.0 Images security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:0408