"You then might have to go into CreateAccountCmd implementation and check
if there is some ACL for restricting domain admin in using this api as
well."
public void execute(){
UserContext.current().setEventDetails("Account Name:
"+getAccountName()+", Domain Id:"+getDomainId());
UserAccount userAccount =
_accountService.createUserAccount(getUsername(), getPassword(),
getFirstName(), getLastName(), getEmail(), getTimeZone(), getAccountName(),
getAccountType(), getDomainId(), getNetworkDomain(), getDetails());
if (userAccount != null) {
AccountResponse response =
_responseGenerator.createUserAccountResponse(userAccount);
response.setResponseName(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to
create a user account");
}
}
I don't see any acl for restricting domain admin in using this api.
I will modify commands.properties.in and test it later.
"domain admin to execute this api (change 3 to 7)."
and what is 3 and 7 stand for?
"I think there was discussion/work planned to make ACL more fine grained in
the future releases as well"
you mean the CloudStack will have a UI to set the ACL for user and admin?
my use case is quite simple,admin customize some templates and
serviceoffings, user can create a vm via these templates and serviceoffings,
user has to apply disk,and admin create disk and attach disk for user.
thanks a lot.
2012/9/18 Nitin Mehta <nitin.me...@citrix.com>
> I am not sure if there is any documentation around for this but I think
> you will need to proceed in a similar fashion as I suggested for
> createAccount api.
> Or you can use another account type RESOURCE_DOMAIN_ADMIN which has
> permissions to do this. More info @
> http://confluence.cloudstack.org/display/gen/Resource+Domain+Admin
>
> Also, FYI I think there was discussion/work planned to make ACL more fine
> grained in the future releases as well, but I suggest you to state your use
> case so that it could be kept in mind while designing it.
>
> Thanks,
> -Nitin
>
> -----Original Message-----
> From: sx chen [mailto:cloudchen0...@gmail.com]
> Sent: Tuesday, September 18, 2012 2:56 PM
> To: cloudstack-dev@incubator.apache.org
> Subject: Re: How to make Domain Admin having the right adding account?
>
> Centainly I want to authorize domain admin to use the api:createAccount
> deleteAccount, updateAccount, createUser, deleteUser and updateUser within
> its domain as well .I also want to disable the user attach storage and let
> the domain admin do this.
>
> so, is there a document about this?or any suggestion?
>
>
>
> 2012/9/18 Nitin Mehta <nitin.me...@citrix.com>
>
> > Change the bitmap in the file commands.properties.in to 7 to allow
> > domain admin to execute this api (change 3 to 7).
> > createAccount=com.cloud.api.commands.CreateAccountCmd;3
> >
> > You then might have to go into CreateAccountCmd implementation and
> > check if there is some ACL for restricting domain admin in using this
> api as well.
> >
> > But, do you want to authorize domain admin only to use this api or
> > other account/user apis like deleteAccount, updateAccount, createUser,
> > deleteUser and updateUser as well ?
> >
> > Thanks,
> > -Nitin
> >
> > -----Original Message-----
> > From: sx chen [mailto:cloudchen0...@gmail.com]
> > Sent: Tuesday, September 18, 2012 12:58 PM
> > To: cloudstack-us...@incubator.apache.org
> > Subject: How to make Domain Admin having the right adding account?
> >
> > hi,all
> > I'm a CloudStack API developer,I want to know How to make Domain
> > Admin having the right adding account?
> > We know that only root user has the right to excute createAccount
> > API,So what should I do?
> >
>
