[Engine-devel] Disk Permissions Feature

Einav Cohen ecohen at redhat.com
Mon Mar 19 10:47:42 UTC 2012


1. According to the wiki, these are the new Action Groups that will be added:
 CREATE_DISK - AddDisk, AddDiskToVm
 EDIT_DISK_PROPERTIES - UpdateDisk, UpdateVM, Activate/Deactivate
 ATTACH_DISK - AttachDiskToVm
 CONFIGURE_DISK_STORAGE - MoveOrCopyDisk
 DELETE_DISK - RemoveDisk, RemoveVm

Currently we have:
CONFIGURE_VM_STORAGE - AddDiskToVm, RemoveDisksFromVm, UpdateVmDisk

So, since "AddDiskToVm" has moved to "CREATE_DISK", it will now be:
CONFIGURE_VM_STORAGE - RemoveDisksFromVm, UpdateVmDisk

- Is there a difference between RemoveDisk and RemoveDisksFromVm? If so, what is the difference?
- Is there a difference between UpdateDisk and UpdateVmDisk? If so, what is the difference?
[If answer to both questions is "no", CONFIGURE_VM_STORAGE action-group should be removed; this should be considered in the upgrade process]

2. [Michael/Daniel] (more related to the floating disks feature): In which Action Group will "DetachDiskFromVm" reside?

3. "Updated Roles: VM Operator should be extended with permissions on Disk" - note that all other pre-defined roles that have "UpdateVM" within them (and most of them do, AFAIK) should also be extended with the extra Disk-related ActionGroups (otherwise we can reach strange situations in which a Cluster Admin can do everything in his cluster except manipulate Disks in his VMs, for example).

4. "Upgrade DB: Add Disk Operator role to users that have VM Operators to allow permissions on Disks": 
- I assume that you mean that Disk Operator *permissions* should be added on the relevant *Disks* to the "VM Operator" users.
- I suggest to add these during upgrade not only for "VM Operators" but for all users that have a direct permission on a VM which is associated with any Role that contains the action "UpdateVM".

5. GUI will need a new query: GetAllAttachableDisks. 
 - This query should be an Admin + User query and will have two "flavors": Admin and User (using the "isFiltered" property).
 - With "isFiltered = false" (will be used for the admin portal), it should return a list of all floating and/or sharable disks.
 - With "isFiltered = true" (will be used in the power user portal), it should return a list of all floating and/or sharable disks on which the user has permissions.


----
Thanks,
Einav

----- Original Message -----
> From: "Moti Asayag" <masayag at redhat.com>
> To: engine-devel at ovirt.org
> Sent: Wednesday, March 14, 2012 2:20:18 AM
> Subject: [Engine-devel] Disk Permissions Feature
> 
> Hi all,
> 
> Disk Permissions feature description Wiki page:
> http://www.ovirt.org/wiki/Features/DiskPermissions
> 
> Please share your comments.
> 
> Thanks,
> Moti
> 
> 
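A small model of the upgrade rule in item 4 and the filtered query in item 5, added here as an illustration; it is not oVirt engine code and not part of the message. The Python data model, the sample roles, users and disks, and the reading of "has permissions" as "holds any direct permission on the disk" are assumptions.

```python
from typing import NamedTuple

class Permission(NamedTuple):
    user: str
    role: str
    obj_type: str  # "VM" or "Disk"
    obj_id: str

# Constructed sample data; role contents and ids are illustrative only.
ROLES = {
    "VmOperator": {"UpdateVM", "RunVm"},
    "ClusterAdmin": {"UpdateVM", "AddVm", "RemoveVm"},
    "VmViewer": {"ConnectToVm"},  # hypothetical role without UpdateVM
}
VM_DISKS = {"vm1": ["d1", "d2"], "vm2": ["d3"]}
PERMS = [
    Permission("alice", "VmOperator", "VM", "vm1"),
    Permission("bob", "ClusterAdmin", "VM", "vm2"),
    Permission("carol", "VmViewer", "VM", "vm1"),
]
# (disk id, floating, shareable)
DISKS = [("d1", False, False), ("d2", False, True),
         ("d3", False, False), ("d4", True, False)]

def upgrade_disk_permissions(perms, vm_disks, roles=ROLES):
    """Item 4: for every direct VM permission whose role contains UpdateVM,
    grant DiskOperator on each disk of that VM. Returns only the new grants."""
    existing = set(perms)
    added = []
    for p in perms:
        if p.obj_type != "VM" or "UpdateVM" not in roles.get(p.role, ()):
            continue
        for disk_id in vm_disks.get(p.obj_id, ()):
            grant = Permission(p.user, "DiskOperator", "Disk", disk_id)
            if grant not in existing:  # keep the upgrade idempotent
                existing.add(grant)
                added.append(grant)
    return added

def get_all_attachable_disks(disks, perms, user, is_filtered):
    """Item 5: floating and/or shareable disks; with is_filtered=True only
    those on which `user` holds a direct Disk permission (assumption)."""
    allowed = {p.obj_id for p in perms if p.user == user and p.obj_type == "Disk"}
    return [disk_id for disk_id, floating, shareable in disks
            if (floating or shareable)
            and (not is_filtered or disk_id in allowed)]
```

In this model the user whose role lacks UpdateVM receives no disk grants, and the filtered query hides a floating disk from a user who has no permission on it even though the unfiltered (admin) query lists it.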


