Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1500005

1. Proposed title of this feature request
Restrict users/groups to remove hosts but not delete respective VMs

2. Who is the customer behind the request?
Will be included in a private update to this RFE.

3. What is the nature and description of the request?
It is requested that Foreman users be permitted to remove a host from Foreman management, but not delete such host's underlying VM from the hypervisor while doing it.
With this in place, users with both permissions (remove host from Foreman and delete VM from hypervisor) would be allowed to remove hosts from Foreman and have their underlying VMs deleted from RHEV/ESX/Libvirt/etc., whereas users with only "remove host from Foreman" permission would be allowed to remove the host from Foreman but not delete its underlying VM.

4. Why does the customer need this? (List the business requirements here)
Separation of concerns: certain Foreman users should not be allowed to remove VMs from the hypervisor while being granted permission to remove hosts from Foreman.

5. How would the customer like to achieve this? (List the functional requirements here)
Customer would create two roles with the "remove host from Foreman" filter. One of the roles would be granted, in addition, the "remove VM from hypervisor" filter.
When a user with the more restrictive role clicked the webUI to delete a host it would be removed from Foreman only, as if the host had been disassociated from the VM first.
When a user with the more permissive role clicked the webUI to delete a host they would be prompted (as it happens today) to confirm that the host will be removed from both Foreman and the hypervisor.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Build roles with and without the "delete VM from hypervisor". Build a test system. Check if a user with such a role will remove the host from Foreman without removing the VM from the hypervisor when clicking the Delete button on the Foreman webUI.

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
No.

8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
As soon as possible.

9. Is the sales team involved in this request and do they have any additional input?
No.

10. List any affected packages or components.
Foreman, Katello.

11. Would the customer be able to assist in testing this functionality if implemented?
Yes.