On 11/13/2012 03:37 PM, Livnat Peer wrote:
On 13/11/12 15:19, Itamar Heim wrote:
On 11/13/2012 12:45 PM, Livnat Peer wrote:
Interesting point, I think that if a user has permission to create a VM from a specific template we should give him permission to use the template networks on this VM implicitly upon the VM creation.
having a permission to a template does not mean a permission to the default network of that VM, especially as we'll use templates more as instance types.
Another alternative is to require permission on the network as well as the template. I must say I don't really like it, although I agree with your comment, we require too many operations for enabling a user to create a VM from template (permission on the template, quota on the storage, permissions on the network, next we'll require a PHD ;)).
Anyone has a better idea?
I assume most networks would be given either to 'everyone' or groups of users, not per user (and if the network is per user/tenant, then it must be done per user. i may not remember correctly, but i thought when giving quota to user we also give some permissions with it (on cluster and storage)?