Re: [Engine-devel] Disk Permissions Feature

From: "Itamar Heim" <iheim(a)redhat.com&gt; To: "Omer Frenkel" <ofrenkel(a)redhat.com&gt; Cc: engine-devel(a)ovirt.org Sent: Thursday, March 15, 2012 5:46:07 PM Subject: Re: [Engine-devel] Disk Permissions Feature On 03/15/2012 05:34 PM, Omer Frenkel wrote: >>> > > 1. "Create disk - requires permissions on the Storage >>> > > Domain, >>> > > (can't >>> > > assume Quota is sufficient to permit user creating the disk >>> > > on the >>> > > Storage Domain, as Quota might be disabled)" >>> > > >>> > > I'd also specify create disk for regular disks is at >>> > > storage domain >>> > > level?, while direct lun disks require system level >>> > > permission of >>> > > add disk. >>> > > >>> > > so, if quota is disabled, how important is it to prevent >>> > > creation >>> > > of >>> > > disks (other than direct lun ones, which would require a >>> > > permission >>> > > similar to storage domain creation)? >>> > > >>> > > if this is added, it has to be implicitly added / not >>> > > needed if >>> > > user has >>> > > quota (i.e., having a quota should be similar to having a >>> > > permission as >>> > > far as the check goes). >>> > > >> > >> > We should look into it, how complicate is it to validate if >> > user has >> > either quota or permission, and allow creating a disk on a SD >> > if >> > either >> > exists. > this might be confusing to the user as he can disable the quota, > then stuff would stop working. > we can't require both quota and permissions from user on storage domains - that's cumbersome. question is if we can limit the need for permissions to disks only to places where they are needed (shared, direct, floating)?

_______________________________________________ Engine-devel mailing list Engine-devel(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel