Re: [Engine-devel] Disk Permissions Feature

18 Mar 2012


      ----- Original Message -----
...
From: "Omer Frenkel" <ofrenkel@redhat.com>
To: "Oved Ourfalli" <ovedo@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Sunday, March 18, 2012 11:27:33 AM
Subject: Re: [Engine-devel] Disk Permissions Feature
----- Original Message -----
...
From: "Oved Ourfalli" <ovedo@redhat.com>
To: "Itamar Heim" <iheim@redhat.com>
Cc: engine-devel@ovirt.org, "Omer Frenkel" <ofrenkel@redhat.com>
Sent: Sunday, March 18, 2012 11:09:54 AM
Subject: Re: [Engine-devel] Disk Permissions Feature
...
From: "Itamar Heim" <iheim@redhat.com>
To: "Omer Frenkel" <ofrenkel@redhat.com>
Cc: engine-devel@ovirt.org
Sent: Thursday, March 15, 2012 5:46:07 PM
Subject: Re: [Engine-devel] Disk Permissions Feature
On 03/15/2012 05:34 PM, Omer Frenkel wrote:
...
...
...
>  >  1. "Create disk - requires permissions on the Storage
>  >  Domain,
>  >  (can't
>  >  assume Quota is sufficient to permit user creating the
>  >  disk
>  >  on the
>  >  Storage Domain, as Quota might be disabled)"
>  >
>  >  I'd also specify create disk for regular disks is at
>  >  storage domain
>  >  level?, while direct lun disks require system level
>  >  permission of
>  >  add disk.
>  >
>  >  so, if quota is disabled, how important is it to
>  >  prevent
>  >  creation
>  >  of
>  >  disks (other than direct lun ones, which would require
>  >  a
>  >  permission
>  >  similar to storage domain creation)?
>  >
>  >  if this is added, it has to be implicitly added / not
>  >  needed if
>  >  user has
>  >  quota (i.e., having a quota should be similar to having
>  >  a
>  >  permission as
>  >  far as the check goes).
>  >
We should look into it, how complicate is it to validate if
 user has
 either quota or permission, and allow creating a disk on a
 SD
 if
 either
 exists.
this might be confusing to the user as he can disable the
quota,
then stuff would stop working.
we can't require both quota and permissions from user on storage
domains
- that's cumbersome.
question is if we can limit the need for permissions to disks
only
to
places where they are needed (shared, direct, floating)?
+1 on that.
I also think it is only relevant on attaching a disk to a VM, as
----- Original Message -----
the
other use-cases are simpler:
1. Attach disk to VM - would require having permissions on the disk
(whether it is shared, direct lun or floating)
2. Add disk to VM - would only require quota (if enforced).
3. Create disk (i.e., floating/shared disk) - would only require
quota (if enforced).
and if not enforced? anyone can create as much disks as he like?
we thought of requiring permissions if quota is disabled,
but i think its confusing to the user as he plays with
You are right. Need to think this through...
Also, we need to get a better understanding on the use-cases for floating/shared disk... who is supposed to create them, and who to attach...
...
...
...
_______________________________________________
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel
_______________________________________________
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel