----- Original Message ----- > From: "Omer Frenkel" <ofren...@redhat.com> > To: "Oved Ourfalli" <ov...@redhat.com> > Cc: engine-devel@ovirt.org > Sent: Sunday, March 18, 2012 11:27:33 AM > Subject: Re: [Engine-devel] Disk Permissions Feature > > > > ----- Original Message ----- > > From: "Oved Ourfalli" <ov...@redhat.com> > > To: "Itamar Heim" <ih...@redhat.com> > > Cc: engine-devel@ovirt.org, "Omer Frenkel" <ofren...@redhat.com> > > Sent: Sunday, March 18, 2012 11:09:54 AM > > Subject: Re: [Engine-devel] Disk Permissions Feature > > > > > > > > ----- Original Message ----- > > > From: "Itamar Heim" <ih...@redhat.com> > > > To: "Omer Frenkel" <ofren...@redhat.com> > > > Cc: engine-devel@ovirt.org > > > Sent: Thursday, March 15, 2012 5:46:07 PM > > > Subject: Re: [Engine-devel] Disk Permissions Feature > > > > > > On 03/15/2012 05:34 PM, Omer Frenkel wrote: > > > >>> > > 1. "Create disk - requires permissions on the Storage > > > >>> > > Domain, > > > >>> > > (can't > > > >>> > > assume Quota is sufficient to permit user creating the > > > >>> > > disk > > > >>> > > on the > > > >>> > > Storage Domain, as Quota might be disabled)" > > > >>> > > > > > >>> > > I'd also specify create disk for regular disks is at > > > >>> > > storage domain > > > >>> > > level?, while direct lun disks require system level > > > >>> > > permission of > > > >>> > > add disk. > > > >>> > > > > > >>> > > so, if quota is disabled, how important is it to > > > >>> > > prevent > > > >>> > > creation > > > >>> > > of > > > >>> > > disks (other than direct lun ones, which would require > > > >>> > > a > > > >>> > > permission > > > >>> > > similar to storage domain creation)? > > > >>> > > > > > >>> > > if this is added, it has to be implicitly added / not > > > >>> > > needed if > > > >>> > > user has > > > >>> > > quota (i.e., having a quota should be similar to having > > > >>> > > a > > > >>> > > permission as > > > >>> > > far as the check goes). > > > >>> > > > > > >> > > > > >> > We should look into it, how complicate is it to validate if > > > >> > user has > > > >> > either quota or permission, and allow creating a disk on a > > > >> > SD > > > >> > if > > > >> > either > > > >> > exists. > > > > this might be confusing to the user as he can disable the > > > > quota, > > > > then stuff would stop working. > > > > > > > > > > we can't require both quota and permissions from user on storage > > > domains > > > - that's cumbersome. > > > question is if we can limit the need for permissions to disks > > > only > > > to > > > places where they are needed (shared, direct, floating)? > > +1 on that. > > I also think it is only relevant on attaching a disk to a VM, as > > the > > other use-cases are simpler: > > 1. Attach disk to VM - would require having permissions on the disk > > (whether it is shared, direct lun or floating) > > 2. Add disk to VM - would only require quota (if enforced). > > 3. Create disk (i.e., floating/shared disk) - would only require > > quota (if enforced). > > and if not enforced? anyone can create as much disks as he like? > we thought of requiring permissions if quota is disabled, > but i think its confusing to the user as he plays with You are right. Need to think this through... Also, we need to get a better understanding on the use-cases for floating/shared disk... who is supposed to create them, and who to attach...
> > > > > _______________________________________________ > > > Engine-devel mailing list > > > Engine-devel@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > _______________________________________________ > Engine-devel mailing list > Engine-devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/engine-devel > _______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
