Hi Rubén,

The way users list the resources is somewhat limited to the standard use cases: the onevnet list command accepts 3 options: m (mine), g (group), a (all).
Although you can grant users in group 108 permissions to list vnets in the group 1, they cannot request the list of vnets in group 108. They can only list vnets in their group (g) or all (a) the existing vnets.

The command 'onevnet list' is not showing any vnets because the default option is 'g'. 'onevnet list a' command fails because it tries to list all the vnets, which requires the following ACL rule:

@108 NET/* INFO_POOL

If you need to debug the ACL rules, enable the debug level in oned.conf (enabled by default) and look in oned.log for messages marked as [ACL][D]. You will find messages similar to these ones:

Thu Oct 20 05:48:29 2011 [ReM][D]: VirtualNetworkPoolInfo method invoked ...
Thu Oct 20 05:48:29 2011 [ACL][D]: Request #1 NET/* INFO_POOL
Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE
Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 HOST/* USE
Thu Oct 20 05:48:29 2011 [ACL][D]: No more rules, permission not granted

You can read more in a similar thread here [1], and the ticket where we will address these limitations [2].

Regards.

[1] http://www.mail-archive.com/[email protected]/msg04022.html
[2] http://dev.opennebula.org/issues/862

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.opennebula.org/> | [email protected]

On Thu, Oct 20, 2011 at 1:47 PM, Ruben Diez <[email protected]> wrote:

> Hi:
>
> We are attempting to let OpenNebula users of group XXX (id=108) view and
> use the NETs and IMAGES of the group users (id=1)
>
> So we created this ACL rule:
>
> create "@108 NET+IMAGE/@1 USE+INFO+INFO_POOL"
>
> but, contrary to expectations, a user of the group XXX (id=108) can't
> list the vnets under the group user
>
> user_under_XXX$ onevnet list
> ID USER GROUP NAME TYPE BRIDGE PUB LEASES
>
> user_under_XXX$ onevnet list a
> [VirtualNetworkPoolInfo] User [4] : Not authorized to perform INFO_POOL NET.
>
> Please note that there are vnets under group user:
>
> oneadmin$ onevnet list
> ID USER GROUP NAME TYPE BRIDGE PUB LEASES
> 175 oneadmin users red-192.169.40 R virbrG No 0
> 171 oneadmin users red-84.21.173 R virbrC Yes 50
>
> Where is the mistake??
>
> Regards
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
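
A small parser for the [ACL][D] debugging lines described in the reply above, added here as an example (it is not part of the original thread or of OpenNebula). It recognizes only the three line shapes quoted in the message; the function names and the "near miss" check are assumptions of this example, and that check compares only resource types and rights, not who a rule applies to or its target.

```python
import re

# Constructed sample: the oned.log lines quoted in the message above.
SAMPLE_LOG = """\
Thu Oct 20 05:48:29 2011 [ReM][D]: VirtualNetworkPoolInfo method invoked
Thu Oct 20 05:48:29 2011 [ACL][D]: Request #1 NET/* INFO_POOL
Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE
Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 HOST/* USE
Thu Oct 20 05:48:29 2011 [ACL][D]: No more rules, permission not granted
"""

ACL_MSG = re.compile(r"\[ACL\]\[D\]:\s*(.*)$")


def parse_triple(text):
    """Split '<who> <RES+RES>/<target> <RIGHT+RIGHT>' into its parts."""
    parts = text.split()
    if len(parts) != 3 or "/" not in parts[1]:
        return None  # not in the shape shown in the message
    resources, _, target = parts[1].partition("/")
    return {"raw": text, "who": parts[0], "target": target,
            "resources": set(resources.split("+")), "rights": set(parts[2].split("+"))}


def denied_requests(log_text):
    """Group [ACL][D] lines per request; return those ending 'not granted'."""
    denied, current = [], None
    for line in log_text.splitlines():
        m = ACL_MSG.search(line)
        msg = m.group(1).strip() if m else ""  # non-ACL lines ([ReM], ...) are skipped
        if msg.startswith("Request "):
            current = {"request": parse_triple(msg[8:]), "rules": []}
        elif msg.startswith("> Rule ") and current:
            current["rules"].append(parse_triple(msg[7:]))
        elif msg.startswith("No more rules, permission not granted") and current:
            denied.append(current)
            current = None
    return denied


def near_misses(entry):
    """Evaluated rules that cover the requested resource type but lack the right."""
    req = entry["request"]
    return [r["raw"] for r in entry["rules"] if r and req
            and req["resources"] <= r["resources"] and not req["rights"] <= r["rights"]]


if __name__ == "__main__":
    for entry in denied_requests(SAMPLE_LOG):
        print(entry["request"], near_misses(entry))
```

On the sample, the only near miss is the rule that covers NET but grants CREATE+INFO_POOL_MINE rather than INFO_POOL, which matches the explanation in the reply.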
