Reedback requested: Fine grained roles for VirtualMachines

[Michael Henriksen]

Hi All,

I've been researching ways to grant users permission to modify only specific parts of a VirtualMachine definition, such as adding or removing disks, without giving them full editing privileges.

I've developed a POC to demonstrate my suggested approach to the problem, which you can find at [1]. I would greatly appreciate the community's feedback on this.

Primarily, I'm interested in knowing if this is a topic we should explore further. Is the "update virtualmachines" RBAC too broad for your organization's needs? What specific roles or granular permissions would you find useful in your workflows? If there is sufficient interest, I will initiate the VEP process.

Best regards,

Mike

[1] https://github.com/mhenriks/kubevirt-rbac-webhook