yes, you should be able to verify this in the webadmin->template main tab->permissions subtab> To: "Tomas Jelinek" <tjelinek@redhat.com>
> Cc: "Users@ovirt.org List" <users@ovirt.org>
> Sent: Wednesday, April 16, 2014 8:15:43 PM
> Subject: Re: [ovirt-users] Question about power user and public template
>
> 2014-04-14 15:18 GMT+08:00 Tomas Jelinek <tjelinek@redhat.com>:
>
> >
> >
> > ----- Original Message -----
> > > From: "plysan" <plysab@gmail.com>
> > > To: users@ovirt.org
> > > Sent: Sunday, April 13, 2014 3:52:55 AM
> > > Subject: [ovirt-users] Question about power user and public template
> > >
> > > Hi,
> > >
> > > Currently I have run into a problem about permissions when creating vm
> > from
> > > template.
> > >
> > > Say if non admin user A in power user portal want to create vm from
> > template
> > > C created by non admin user B, I found out that A need to have both power
> > > user role and userbasedtemplatevm role to make it work. If i only assign
> > > userbasedtemplatevm to C, A can only view the template in power user
> > portal
> > > but not able to create vm from it.
> >
> > I'd say the problem is that the template has some disks and as a
> > "UserTemplateBasedVm" only you are
> > not allowed to "Access Image Storage Domains"?
> >
> Thanks for pointing that out, I really didn't think the disk has
> permissions too :)
>
> Because PowerUserRole has more permissions than UserTemplateBasedVm, so I
> think assigning PowerUserRole is enough to see the template in power user
> portal. Based on this thought, I did the following two experiment:
>
> 1. I assigned PowerUserRole to user A in Configure -> System Permissions,
> but after that I still cannot see template C in power user portal.
> The above role assignment result in user A having PowerUserRole inherited
> from System Permission, and based on [1], user A should have PowerUserRole
> on template C, right ?
but it should already be there. And also, since you have created the template as public "everyone" should have the
>
> 2. Now based on 1 if I explicitly add PowerUserRole to user A on template
> C, I can see template C and create vms from it.
"UserTemplateBasedVm" on it. You could verify this on the same subtab.
so, if you have a template on which "everyone" has "UserTemplateBasedVm" and a user with "PowerUserRole" and you can not see it in the userportal,
>
> For my understanding, the above two role assignment should have the same
> result.
>
> Any ideas?
it should be a bug. But for me it seems working on current upstream code...
>
> [1]:
> http://lists.ovirt.org/pipermail/engine-devel/2012-December/003229.html
>
>
> > For details about specific roles and what can be done by which role you
> > can have a look at:
> > webadmin -> "Configure" in top right corner -> "Roles" side tab -> pick a
> > specific role -> "Edit" button
> >
> > >
> > > So is this the expected behavior? I don't quite understand what
> > > userbasedtemplatevm is used for. I noticed that making template C public
> > > have the effect of assign userbasedtemplatevm to everyone, but that seems
> > > not enough to let everyone use it.
> > >
> > > My engine version is 3.3.4.
> > >
> > > Any ideas? thanks for any help!
> > > _______________________________________________
> > > Users mailing list
> > > Users@ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> >
>