Re: [Engine-devel] Managing permissions on network
On 11/13/2012 03:37 PM, Livnat Peer wrote:
On 13/11/12 15:19, Itamar Heim wrote:
> On 11/13/2012 12:45 PM, Livnat Peer wrote:
>> Interesting point, I think that if a user has permission to create a VM
>> from a specific template we should give him permission to use the
>> template networks on this VM implicitly upon the VM creation.
>
> having a permission to a template does not mean a permission to the
> default network of that VM, especially as we'll use templates more as
> instance types.
Another alternative is to require permission on the network as well as
the template.
I must say I don't really like it, although I agree with your comment,
we require too many operations for enabling a user to create a VM from
template (permission on the template, quota on the storage, permissions
on the network, next we'll require a PHD ;)).
Anyone has a better idea?
I assume most networks would be given either to 'everyone' or groups of
users, not per user (and if the network is per user/tenant, then it must
be done per user.
i may not remember correctly, but i thought when giving quota to user we
also give some permissions with it (on cluster and storage)?