Any thoughts on this one? - DHC
On Wed, Mar 13, 2013 at 4:34 PM, Dead Horse <[email protected]>wrote: > Got an interesting one here as pertaining to template permissions and > provisioning. > > Given the following setup/situation: > > A cluster with a user A assigned poweruser role permissions on the cluster. > - User A is assigned poweruser role permissions to storage domain A > - User A is a consumer of quota A which is assigned to specific storage > domain A > > A cluster with a user B assigned poweruser role permissions on the cluster. > - User B is assigned poweruser role permissions to storage domain B > - User B is a consumer of quota B which is assigned to specific storage > domain B > > User A creates a VM and makes it a template of it with permissions of > everyone as UserTemplateBasedVM. > > User B tries to create a VM based on the template that User A created. > While the base VM profile can be created the storage provisioning > encounters an issue. > > Via Template provisioning option with the thin provision option will fail > due to the fact that User B does not have proper permissions to User A's > storage domain. The symptom of this expected failure is the target storage > domain pull-down is empty. (It really should show something or be greyed > out rather than just be blank at least some sort of user notification). > > The real issue here is with the clone provisioning option. The idea here > is to be to clone a copy of the template disks into User B's storage domain > as a target where User B has poweruser role permissions. The problem here > is that this fails just like the above thin provision which should not be > the case. The target pulldown still blank it should by default show the > target storage domain to which User B has permissions to that being Storage > domain B. > > Further debugging yields that by assigning UserTemplateVM permissions to > User A's storage domain allows User B to use either of the options above > although the only one really desired is the clone option since we don't > want User B creating VM's in User A's storage domain. There still however > was an issue upon selecting clone and selecting Storage domain B as the > target the VM is created but the disk is created in Storage domain A > instead of storage domain B. > > > Running build of the engine is built from commit: > 7354d3283627bdbe30dd9c15ce45eba375280a8c > > - DHC > >
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
