When a DevOps user (assigned the Namespace:Edit role) navigates to the Create a VM UI, it triggers an "An error occurred while fetching data" alert. This failure prevents the user from adding Network Interfaces in the Optional Network Configuration step.
Supervisor 9.1
LCI 9.1
Context: The LCI (Local Consumption Interface) Supervisor service provides the standalone mode user interface that the DevOps user can use to manage Kubernetes workloads.
Problem: When a DevOps user (with Namespace Edit permissions) attempts to navigate the Create VM wizard, the UI fails at the network step with a 403 Forbidden error.
Error Message: virtualnetworks.vmware.com is forbidden: User "sso:[email protected]" cannot list resource "virtualnetworks" in API group "vmware.com" in the namespace "90-vmservice".
Root Cause: The ncp-resources-view ClusterRole lacked permissions for the vmware.com API group. While it had rights for NSX resources, it couldn't "get," "list," or "watch" the virtual network resources required by the wizard.
Workaround:
A user with admin access to the Supervisor needs to run the following command to make virtualnetworks and virtualnetworkinterfaces accessible to the DevOps user:
kubectl patch clusterrole ncp-resources-view --type='json' -p='[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["vmware.com"], "resources": ["virtualnetworks", "virtualnetworkinterfaces"], "verbs": ["get", "list", "watch"]}}]'
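The following is an added example, not part of the original article or VMware's code: it audits a ClusterRole JSON document for the six read permissions the wizard needs, before and after the patch above, and confirms that the patch adds no write verbs. SAMPLE_ROLE and its NSX rule are constructed stand-ins for the output of `kubectl get clusterrole ncp-resources-view -o json`, and the function names are hypothetical.

```python
import copy
import json

# The JSON Patch from the workaround above, copied verbatim.
PATCH = json.loads('[{"op": "add", "path": "/rules/-", "value": {"apiGroups": ["vmware.com"], "resources": ["virtualnetworks", "virtualnetworkinterfaces"], "verbs": ["get", "list", "watch"]}}]')

# Constructed stand-in for the role before the patch; the NSX rule is
# illustrative only and is not the real role's contents.
SAMPLE_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "ncp-resources-view"},
    "rules": [{"apiGroups": ["nsx.vmware.com"], "resources": ["*"],
               "verbs": ["get", "list", "watch"]}],
}

# Every (apiGroup, resource, verb) the root cause section says was missing.
NEEDED = [("vmware.com", r, v)
          for r in ("virtualnetworks", "virtualnetworkinterfaces")
          for v in ("get", "list", "watch")]


def allows(role, group, resource, verb):
    """True if any rule grants verb on resource in group ('*' is a wildcard)."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return any(hit(r.get("apiGroups", []), group)
               and hit(r.get("resources", []), resource)
               and hit(r.get("verbs", []), verb)
               for r in role.get("rules") or [])


def missing(role):
    """Needed permissions that the role does not grant."""
    return [n for n in NEEDED if not allows(role, *n)]


def apply_patch(role, patch):
    """Apply only the JSON Patch form used above: append to /rules."""
    patched = copy.deepcopy(role)
    for op in patch:
        if op["op"] != "add" or op["path"] != "/rules/-":
            raise ValueError("unsupported operation: %r" % op)
        patched["rules"] = (patched.get("rules") or []) + [op["value"]]
    return patched


if __name__ == "__main__":
    after = apply_patch(SAMPLE_ROLE, PATCH)
    print("missing before:", len(missing(SAMPLE_ROLE)))
    print("missing after: ", len(missing(after)))
    print("delete granted:", allows(after, "vmware.com", "virtualnetworks", "delete"))
```

To audit a live Supervisor instead of the sample, load the saved JSON output of the `kubectl get` command with `json.load` and pass it to `missing`.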