Bug 928410 (https://bugzilla.redhat.com/show_bug.cgi?id=928410) opened on this issue. Additionally Bug 928399 (https://bugzilla.redhat.com/show_bug.cgi?id=928399) which is possibly related to this issue opened.
- DHC On Mon, Mar 18, 2013 at 10:02 PM, Dead Horse <[email protected]>wrote: > Verified this is present in latest engine built from master with latest > VDSM built from master. > On the surface this literally seems as simple as a lack of Read-Only > access to the template image when requesting to clone it from the template > on the storage domain wherein the user cloning from the template has no > permissions. > - DHC > > > On Wed, Mar 13, 2013 at 4:34 PM, Dead Horse <[email protected] > > wrote: > >> Got an interesting one here as pertaining to template permissions and >> provisioning. >> >> Given the following setup/situation: >> >> A cluster with a user A assigned poweruser role permissions on the >> cluster. >> - User A is assigned poweruser role permissions to storage domain A >> - User A is a consumer of quota A which is assigned to specific storage >> domain A >> >> A cluster with a user B assigned poweruser role permissions on the >> cluster. >> - User B is assigned poweruser role permissions to storage domain B >> - User B is a consumer of quota B which is assigned to specific storage >> domain B >> >> User A creates a VM and makes it a template of it with permissions of >> everyone as UserTemplateBasedVM. >> >> User B tries to create a VM based on the template that User A created. >> While the base VM profile can be created the storage provisioning >> encounters an issue. >> >> Via Template provisioning option with the thin provision option will fail >> due to the fact that User B does not have proper permissions to User A's >> storage domain. The symptom of this expected failure is the target storage >> domain pull-down is empty. (It really should show something or be greyed >> out rather than just be blank at least some sort of user notification). >> >> The real issue here is with the clone provisioning option. The idea here >> is to be to clone a copy of the template disks into User B's storage domain >> as a target where User B has poweruser role permissions. The problem here >> is that this fails just like the above thin provision which should not be >> the case. The target pulldown still blank it should by default show the >> target storage domain to which User B has permissions to that being Storage >> domain B. >> >> Further debugging yields that by assigning UserTemplateVM permissions to >> User A's storage domain allows User B to use either of the options above >> although the only one really desired is the clone option since we don't >> want User B creating VM's in User A's storage domain. There still however >> was an issue upon selecting clone and selecting Storage domain B as the >> target the VM is created but the disk is created in Storage domain A >> instead of storage domain B. >> >> >> Running build of the engine is built from commit: >> 7354d3283627bdbe30dd9c15ce45eba375280a8c >> >> - DHC >> >> >
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
