[Engine-devel] Disk Permissions Feature

Moti Asayag masayag at redhat.com
Mon Mar 19 16:55:57 UTC 2012


On 03/19/2012 12:47 PM, Einav Cohen wrote:
> 1.
> According to the wiki, these are the new Action Groups that will be added:
>  CREATE_DISK - AddDisk, AddDiskToVm
>  EDIT_DISK_PROPERTIES - UpdateDisk, UpdateVM, Activate/Deactivate
>  ATTACH_DISK - AttachDiskToVm
>  CONFIGURE_DISK_STORAGE - MoveOrCopyDisk
>  DELETE_DISK - RemoveDisk, RemoveVm
> 
> Currently we have:
> CONFIGURE_VM_STORAGE - AddDiskToVm, RemoveDisksFromVm, UpdateVmDisk
> 
> So, since "AddDiskToVm" has moved to "CREATE_DISK", it will now be:
> CONFIGURE_VM_STORAGE - RemoveDisksFromVm, UpdateVmDisk
> 
> - Is there a difference between RemoveDisk and RemoveDisksFromVm? If so, what is the difference?
> - Is there a difference between UpdateDisk and UpdateVmDisk? If so, what is the difference?
> [If the answer to both questions is "no", the CONFIGURE_VM_STORAGE action-group should be removed; this should be considered in the upgrade process]

This point should be taken into consideration when the design/implementation
of the new verbs (RemoveDisk / UpdateDisk) is done.

> 
> 2. [Michael/Daniel] (more related to the floating disks feature): In which Action Group will "DetachDiskFromVm" reside?
> 
> 3. "Updated Roles: VM Operator should be extended with permissions on Disk" - note that all other pre-defined roles that have "UpdateVM" within them (and most of them do, AFAIK) should also be extended with the extra Disk-related ActionGroups (otherwise we can reach strange situations in which a Cluster Admin can do everything in his cluster except manipulate Disks in his VMs, for example).

Updated wiki:
http://www.ovirt.org/wiki/Features/DiskPermissions#Updated_Roles

> 
> 4. "Upgrade DB: Add Disk Operator role to users that have VM Operators to allow permissions on Disks": 
> - I assume that you mean that Disk Operator *permissions* should be added on the relevant *Disks* to the "VM Operator" users.
> - I suggest adding these during upgrade not only for "VM Operators" but for all users that have a direct permission on a VM which is associated with any Role that contains the action "UpdateVM".
> 

Updated wiki:
http://www.ovirt.org/wiki/Features/DiskPermissions#Upgrade_DB

> 5. GUI will need a new query: GetAllAttachableDisks. 
>  - This query should be an Admin + User query and will have two "flavors": Admin and User (using the "isFiltered" property).
>  - With "isFiltered = false" (will be used for the admin portal), it should return a list of all floating and/or sharable disks.
>  - With "isFiltered = true" (will be used in the power user portal), it should return a list of all floating and/or sharable disks on which the user has permissions.
> 
> 
> ----
> Thanks,
> Einav
> 
> ----- Original Message -----
>> From: "Moti Asayag" <masayag at redhat.com>
>> To: engine-devel at ovirt.org
>> Sent: Wednesday, March 14, 2012 2:20:18 AM
>> Subject: [Engine-devel] Disk Permissions Feature
>>
>> Hi all,
>>
>> Disk Permissions feature description Wiki page:
>> http://www.ovirt.org/wiki/Features/DiskPermissions
>>
>> Please share your comments.
>>
>> Thanks,
>> Moti
>>
>> _______________________________________________
>> Engine-devel mailing list
>> Engine-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/engine-devel
>>
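
Items 4 and 5 of the thread above, as an added example that is not part of the original messages or of the oVirt engine code: a small Python model of the suggested upgrade rule and of the two flavors of the proposed GetAllAttachableDisks query. The role contents, users, disk ids and function names are constructed for illustration.

```python
# Constructed sample data; role contents, users and ids are illustrative only.
ROLES = {
    "VmOperator": {"UpdateVM"},
    "CustomVmEditor": {"UpdateVM", "RemoveVm"},   # hypothetical custom role
    "VmRemover": {"RemoveVm"},                    # hypothetical, lacks UpdateVM
    "DiskOperator": {"UpdateDisk", "AttachDiskToVm"},
}
VM_DISKS = {"vm1": {"d1", "d2"}, "vm2": {"d2", "d3"}}   # d2 is attached to both VMs
DISKS = {"d1": False, "d2": True, "d3": False, "d4": False}  # id -> shareable; d4 floats
PERMISSIONS = [  # (user, role, object type, object id)
    ("alice", "VmOperator", "VM", "vm1"),
    ("bob", "CustomVmEditor", "VM", "vm2"),
    ("carol", "VmRemover", "VM", "vm2"),
]

def upgrade_disk_permissions(permissions, roles, vm_disks):
    """Item 4: every direct VM permission whose role contains UpdateVM
    yields a DiskOperator permission on each disk of that VM."""
    added = set()
    for user, role, obj_type, obj_id in permissions:
        if obj_type == "VM" and "UpdateVM" in roles[role]:
            for disk in vm_disks.get(obj_id, ()):
                added.add((user, "DiskOperator", "Disk", disk))
    return sorted(added)

def get_all_attachable_disks(user, is_filtered, disks, vm_disks, permissions):
    """Item 5: floating and/or shareable disks; the filtered flavor keeps
    only the disks on which the user holds a permission."""
    attached = set().union(*vm_disks.values())
    candidates = {d for d, shareable in disks.items()
                  if shareable or d not in attached}
    if is_filtered:
        allowed = {oid for u, _, otype, oid in permissions
                   if u == user and otype == "Disk"}
        candidates &= allowed
    return sorted(candidates)

if __name__ == "__main__":
    after = PERMISSIONS + upgrade_disk_permissions(PERMISSIONS, ROLES, VM_DISKS)
    print("admin portal:", get_all_attachable_disks("alice", False, DISKS, VM_DISKS, after))
    print("alice before upgrade:", get_all_attachable_disks("alice", True, DISKS, VM_DISKS, PERMISSIONS))
    print("alice after upgrade:", get_all_attachable_disks("alice", True, DISKS, VM_DISKS, after))
    print("carol after upgrade:", get_all_attachable_disks("carol", True, DISKS, VM_DISKS, after))
```

In this model a user whose VM role lacks UpdateVM receives no disk permissions from the upgrade, so the filtered query returns nothing for that user while the unfiltered flavor still lists every floating or shareable disk.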



