[Engine-devel] Managing permissions on network
Itamar Heim
iheim at redhat.com
Tue Nov 13 13:42:54 UTC 2012
On 11/13/2012 03:41 PM, Moti Asayag wrote:
> On 11/13/2012 03:19 PM, Itamar Heim wrote:
>> On 11/13/2012 12:45 PM, Livnat Peer wrote:
>>> Interesting point, I think that if a user has permission to create a VM
>>> from a specific template we should give him permission to use the
>>> template networks on this VM implicitly upon the VM creation.
>>
>> having a permission to a template does not mean a permission to the
>> default network of that VM, especially as we'll use templates more as
>> instance types.
>
> If a user is the template's owner he should be capable to modify the its
> nics. I'd expect the user will modify the networks of the template only
> if he has permissions for the required network.
true.
> Else, a user can update the template's nics to any of cluster's network
> and to create a VM with a network the user doesn't suppose to use.
template having a default network doesn't mean user can create a vm with
that network as well, if user doesn't have a permission to that network.
More information about the Devel
mailing list