Hi Ignazio,
This is a quick change to the simple_permissions.rb script. I didn't even
check if this works, but it should help you get the idea of what Daniel
proposed.
When modifying an authorization script, you have to take into account that
oneadmin (user with id = 0) is granted anything in the core.
--- a/src/authm_mad/simple_permissions.rb
+++ b/src/authm_mad/simple_permissions.rb
@@ -71,8 +71,12 @@ class SimplePermissions
case action
when 'CREATE'
- auth_result=true if %w{VM NET IMAGE}.include? object
-
+ if %w{VM IMAGE}.include? object
+ auth_result = true
+ elsif object == "NET"
+ auth_result = "Regular users can not CREATE NET"
+ end
+
if @quota_enabled and object=='VM' and auth_result
STDERR.puts 'quota enabled'
@quota.update(uid.to_i)
Regards.
--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.opennebula.org/> | [email protected]
On Mon, Apr 18, 2011 at 3:16 PM, <[email protected]>wrote:
> Hello Daniel,
> I'd like to ask when new features will be addes do manage user groups.
> I did not understand I can setroles for difeerent users using
> simple_permissions.rb...
> How can I modify the simple_permissions.rb to deny users crating new
> virtual networks ?
> Please, could ou give me an example ?
> At this time my oneaadmn ha created c virtual network and I don't want any
> other user create furthers vmnet.
> Thanks and Regards
>
> ----- Messaggio da [email protected] ---------
> Data: Mon, 28 Mar 2011 16:21:31 +0200
> Da: Daniel Molina <[email protected]>
> Oggetto: Re: [one-users] user permissions on vnet
> A: [email protected]
> Cc: [email protected]
>
>
> Hi,
>>
>> You can use the auth module [1,2] to disable the VNet creation for
>> users different from oneadmin.
>>
>> Furthermore, we are developing a new feature to mange user groups. You
>> will be able to set roles for different users and even customize your
>> Sunstone to add or remove functionality for these users.
>>
>> [1] http://www.opennebula.org/documentation:rel2.2:users
>> [2] http://www.opennebula.org/documentation:rel2.2:auth
>>
>> Regards
>>
>> On 24 March 2011 14:09, <[email protected]> wrote:
>>
>>> Hello everyone,
>>> I'd like to know if it is possible to set user permissions on virtual
>>> network
>>> creation.
>>> At this time, using sunstone, seems a normale user (not oneadmin) can
>>> create
>>> a virtual
>>> network with the same attributes of vnet created by oneadmin.
>>> Is it strange ?
>>> Thanks and regards
>>> Ignazio
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [email protected]
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>>
>> --
>> Daniel Molina, Cloud Technology Engineer/Researcher
>> Major Contributor
>> OpenNebula - The Open Source Toolkit for Cloud Computing
>> www.OpenNebula.org | [email protected]
>>
>>
>
> ----- Fine messaggio da [email protected] -----
>
>
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
