2014-04-14 15:18 GMT+08:00 Tomas Jelinek <tjeli...@redhat.com>: > > > ----- Original Message ----- > > From: "plysan" <ply...@gmail.com> > > To: users@ovirt.org > > Sent: Sunday, April 13, 2014 3:52:55 AM > > Subject: [ovirt-users] Question about power user and public template > > > > Hi, > > > > Currently I have run into a problem about permissions when creating vm > from > > template. > > > > Say if non admin user A in power user portal want to create vm from > template > > C created by non admin user B, I found out that A need to have both power > > user role and userbasedtemplatevm role to make it work. If i only assign > > userbasedtemplatevm to C, A can only view the template in power user > portal > > but not able to create vm from it. > > I'd say the problem is that the template has some disks and as a > "UserTemplateBasedVm" only you are > not allowed to "Access Image Storage Domains"? > Thanks for pointing that out, I really didn't think the disk has permissions too :)
Because PowerUserRole has more permissions than UserTemplateBasedVm, so I think assigning PowerUserRole is enough to see the template in power user portal. Based on this thought, I did the following two experiment: 1. I assigned PowerUserRole to user A in Configure -> System Permissions, but after that I still cannot see template C in power user portal. The above role assignment result in user A having PowerUserRole inherited from System Permission, and based on [1], user A should have PowerUserRole on template C, right ? 2. Now based on 1 if I explicitly add PowerUserRole to user A on template C, I can see template C and create vms from it. For my understanding, the above two role assignment should have the same result. Any ideas? [1]: http://lists.ovirt.org/pipermail/engine-devel/2012-December/003229.html > For details about specific roles and what can be done by which role you > can have a look at: > webadmin -> "Configure" in top right corner -> "Roles" side tab -> pick a > specific role -> "Edit" button > > > > > So is this the expected behavior? I don't quite understand what > > userbasedtemplatevm is used for. I noticed that making template C public > > have the effect of assign userbasedtemplatevm to everyone, but that seems > > not enough to let everyone use it. > > > > My engine version is 3.3.4. > > > > Any ideas? thanks for any help! > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users