[
https://issues.apache.org/jira/browse/CLOUDSTACK-9439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christian Meier updated CLOUDSTACK-9439:
----------------------------------------
Description:
Domain Administrators are allowed to define Disk and Compute Offerings for
their Domain.
This can be harmful, if storage tags are used.
The domain admin cannot select the storage or host tag in the ui resulting in
an empty tag field.
As a result, instantiated root or data disks will be placed on any available
storage backend or the VM will be placed on any available host. This may
collide with the allocation strategies that the root admin defined in his
allocation concept.
Either we should allow the definition of tags or disallow domain admins to
define own offerings. (A global or account config option to define this
behavior would be an option). The current scenario allows a circumvention of
the defined tagging scheme.
was:
Domain Administrators are allowed to define Disk and Compute Offerings for
their Domain.
This can be harmful, if storage tags are used.
The domain admin cannot select the storage or tag in the ui resulting in an
empty tag field.
As a result, instantiated root or data disks will be placed on any available
storage backend or the VM will be placed on any available host. This may
collide with the allocation strategies that the root admin defined in his
allocation concept.
Either we should allow the definition of tags or disallow domain admins to
define own offerings. (A global or account config option to define this
behavior would be an option). The current scenario allows a circumvention of
the defined tagging scheme.
> Domain admins can and must create service and disk offerings withouts storage
> and host tags
> -------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9439
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9439
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Affects Versions: 4.8.0
> Reporter: Christian Meier
>
> Domain Administrators are allowed to define Disk and Compute Offerings for
> their Domain.
> This can be harmful, if storage tags are used.
> The domain admin cannot select the storage or host tag in the ui resulting in
> an empty tag field.
> As a result, instantiated root or data disks will be placed on any available
> storage backend or the VM will be placed on any available host. This may
> collide with the allocation strategies that the root admin defined in his
> allocation concept.
> Either we should allow the definition of tags or disallow domain admins to
> define own offerings. (A global or account config option to define this
> behavior would be an option). The current scenario allows a circumvention of
> the defined tagging scheme.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
