[Engine-devel] Managing permissions on network
Moti Asayag
masayag at redhat.com
Tue Nov 13 14:04:40 UTC 2012
On 11/13/2012 03:42 PM, Itamar Heim wrote:
> On 11/13/2012 03:41 PM, Moti Asayag wrote:
>> On 11/13/2012 03:19 PM, Itamar Heim wrote:
>>> On 11/13/2012 12:45 PM, Livnat Peer wrote:
>>>> Interesting point, I think that if a user has permission to create a VM
>>>> from a specific template we should give him permission to use the
>>>> template networks on this VM implicitly upon the VM creation.
>>>
>>> having a permission to a template does not mean a permission to the
>>> default network of that VM, especially as we'll use templates more as
>>> instance types.
>>
>> If a user is the template's owner he should be capable to modify the its
>> nics. I'd expect the user will modify the networks of the template only
>> if he has permissions for the required network.
>
> true.
>
>> Else, a user can update the template's nics to any of cluster's network
>> and to create a VM with a network the user doesn't suppose to use.
>
> template having a default network doesn't mean user can create a vm with
> that network as well, if user doesn't have a permission to that network.
>
In that case, no permissions will be granted to template's user on upgrade.
More information about the Devel
mailing list