Hi, Adding to what Rubén said, the acl modification is only allowed for users in the oneadmin group.
Make sure you use the reference command-auth tables in the xml-rpc doc [1] to create your rules. For example, oneuser passwd requires USER:MANAGE. The rule "#<user_id> USER/* USE+MANAGE+ADMIN" will allow your user to change oneadmin's password. In this case, you will want to create a rule targeting each group (excluding oneadmin). Regards [1] http://docs.opennebula.org/4.4/integration/system_interfaces/api.html#authorization-requests-reference -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula<http://twitter.com/opennebula><cmar...@opennebula.org> On Thu, Apr 3, 2014 at 2:19 PM, Ruben S. Montero <rsmont...@opennebula.org>wrote: > Hi > > Probably, the following may work... > > oneacl create "#<user_id> USER/* CREATE" > oneacl create "#<user_id> USER/* USE+MANAGE+ADMIN" > > Take a look to the ACL guide for more info: > > > http://docs.opennebula.org/4.4/administration/users_and_groups/manage_acl.html > > Cheers > > Ruben > > > > On Thu, Apr 3, 2014 at 12:08 PM, Wilma Hermann <wilma.herm...@gmail.com>wrote: > >> Hi, >> >> Is it possible to assign limited admin rights to certain accounts? I >> would like to have a user that is allowed to do all the user >> management (creating users, adding users to existing groups, etc.) >> without adding this user to the oneadmin-group. In particular, I would >> like to deny this user access to all other users' VMs, templates, >> images, etc. The user also shouldn't have write-access to the ACLs >> (otherwise limits would make no sense obviously). >> >> Greetings >> Wilma >> _______________________________________________ >> Users mailing list >> Users@lists.opennebula.org >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> > > > > -- > -- > Ruben S. Montero, PhD > Project co-Lead and Chief Architect > OpenNebula - Flexible Enterprise Cloud Made Simple > www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula > > _______________________________________________ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >
_______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org