On 11/13/2012 03:42 PM, Itamar Heim wrote:
On 11/13/2012 03:41 PM, Moti Asayag wrote:
> On 11/13/2012 03:19 PM, Itamar Heim wrote:
>> On 11/13/2012 12:45 PM, Livnat Peer wrote:
>>> Interesting point, I think that if a user has permission to create a VM
>>> from a specific template we should give him permission to use the
>>> template networks on this VM implicitly upon the VM creation.
>>
>> having a permission to a template does not mean a permission to the
>> default network of that VM, especially as we'll use templates more as
>> instance types.
>
> If a user is the template's owner he should be capable to modify the its
> nics. I'd expect the user will modify the networks of the template only
> if he has permissions for the required network.
true.
> Else, a user can update the template's nics to any of cluster's network
> and to create a VM with a network the user doesn't suppose to use.
template having a default network doesn't mean user can create a vm with
that network as well, if user doesn't have a permission to that network.
In that case, no permissions will be granted to template's user on upgrade.