Tal Nisan has submitted this change and it was merged. Change subject: core: Added Roles and groups for cpu profiling ...................................................................... core: Added Roles and groups for cpu profiling The following CPU Profiles were added in order to prevent unauthorized access to cpu profiles: CpuProfileOperator - Will have the ability to Assign CPU Profile to VMs. CpuProfileCreator - Will have the ability to Create/Update/Delete and Assign CPU Profile to VMs. Action groups that were added to engine and REST API: Create CPU Profile, Update CPU Profile, Remove CPU Profile, Assign CPU Profile. Roles that were granted Create/Update/Delete and Assign permissions for cpu profiles (Same as CpuProfileCreator + CpuProfileOperator): SuperUser, PowerUser, ClusterAdmin, DataCenterAdmin. Other roles that were granted permission same as the ones for CpuProfileOperator: CpuProfileCreator, UserVmManager, VmPoolAdmin, VmCreator, UserTemplateBasedVm and UserVmRuntimeManager. Before this patch, any user that had permissions for the cluster associated with the CPU Profile, could Create/Update/Delete and Assign it. The Data Access Objects tests(DAO tests) were changed inorder to comply with the new behaviour. Change-Id: I8217f0146d83afe3ae740bd1d1e37825091ed206 Bug-Url: https://bugzilla.redhat.com/1143869 Bug-Url: https://bugzilla.redhat.com/1310541 Signed-off-by: Tomer Saban <tsaban@redhat.com> Signed-off-by: Martin Sivak <msivak@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/FixturesTool.java M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/RoleDaoTest.java M backend/manager/modules/dal/src/test/resources/fixtures.xml M backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java M packaging/dbscripts/cpu_profiles_sp.sql M packaging/dbscripts/create_views.sql A packaging/dbscripts/upgrade/03_06_2040_attach_cpu_profile_permissions.sql A packaging/dbscripts/upgrade/03_06_2050_create_index_cpu_profiles.sql 10 files changed, 249 insertions(+), 26 deletions(-) Approvals: Sandro Bonazzola: Looks good to me, but someone else must approve Martin Sivák: Verified Jenkins CI: Passed CI tests Roy Golan: Looks good to me, approved -- To view, visit https://gerrit.ovirt.org/53912 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8217f0146d83afe3ae740bd1d1e37825091ed206 Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.6.3 Gerrit-Owner: Martin Sivák <msivak@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Martin Sivák <msivak@redhat.com> Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski@gmail.com> Gerrit-Reviewer: Roy Golan <rgolan@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbonazzo@redhat.com> Gerrit-Reviewer: Tal Nisan <tnisan@redhat.com> Gerrit-Reviewer: Tomer Saban <tsaban@redhat.com>