theforeman · nofaralfasi · Jan 8, 2026 · sourcery-ai · Jan 8, 2026
diff --git a/lib/foreman_rh_cloud/plugin.rb b/lib/foreman_rh_cloud/plugin.rb
@@ -71,9 +71,37 @@ def self.register
             :control_organization_insights,
             'insights_cloud/settings': [:set_org_parameter]
           )
+          # Insights Vulnerability permissions
+          permission(
+            :view_vulnerability,
+            {},
+            :resource_type => 'ForemanRhCloud'
+          )
+          permission(
+            :edit_vulnerability,
+            {},
+            :resource_type => 'ForemanRhCloud'
+          )
+          # Insights Advisor permissions
+          permission(
+            :view_advisor,
+            {},
+            :resource_type => 'ForemanRhCloud'
+          )
+          permission(
+            :edit_advisor,
+            {},
+            :resource_type => 'ForemanRhCloud'
+          )
         end
 
-        plugin_permissions = [:view_foreman_rh_cloud, :generate_foreman_rh_cloud, :view_insights_hits, :dispatch_cloud_requests, :control_organization_insights]
+        # Core RH Cloud permissions for inventory upload and sync
+        rh_cloud_permissions = [:view_foreman_rh_cloud, :generate_foreman_rh_cloud, :view_insights_hits, :dispatch_cloud_requests, :control_organization_insights]
+
+        # Insights application permissions (Vulnerability, Advisor)
+        insights_permissions = [:view_vulnerability, :edit_vulnerability, :view_advisor, :edit_advisor]
+
+        plugin_permissions = rh_cloud_permissions + insights_permissions
 
         role 'ForemanRhCloud', plugin_permissions, 'Role granting permissions to view the hosts inventory,
                                                     generate a report, upload it to the cloud and download it locally'