On Sat, May 20, 2017 at 12:15 AM, Peter Wood <peterwood.sd@gmail.com> wrote:

I did create a bug report and it was closed with the explanation that UserVmManager role is not assigned because I'm using the Administration portal... (???). What other portal do I use? Import/Export is Admin type operation.

See here:
https://bugzilla.redhat.com/show_bug.cgi?id=1451501

Very simple steps to test it:

- Create a local user called LocalUserA

- Grant permissions to create VMs in DEV1 cluster and Import/Export VMs:

LocalUserA -> [PowerUserRole] -> DEV1 (Cluster)
LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master)
LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster)
LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master)
LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type)

- Login to the Administration Portal as LocalUserA@internal

- Create a VM, Export the VM, Import the VM

Role UserVmManager is not set for the imported VM.
User LocalUserA can not even boot up the VM due to insufficient permissions.

How do I setup LocalUserA so it can import VMs and work with them?

Thanks for this information Peter.

I proposed a patch. Let's discuss it in bugzilla.

Thank you,

-- Peter

On Tue, May 16, 2017 at 4:11 AM, Arik Hadas <ahadas@redhat.com> wrote:

On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd@gmail.com> wrote:
Hi,

I have a group of local users with permissions to create VMs, templates, and VMs from templates. They are allowed to work only in one of the clusters in the datacenter.

Now I want one of the local users to be able to import VMs and convert them into templates and I just can't find the recipe for that.

The group has these permissions:

LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster)
LocalUsersGroup -> [PowerUserRole] -> SAN (Storage)
LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)

LocalUserA is part of LocalUsersGroup and should be able to:
- Import a VM
- Convert the VM to a template for everyone to use
- Delete the VM

I tried this: LocalUserA -> [VmImporterExporter] -> System

LocalUserA can now import VMs and convert them to templates but it can't delete the imported VMs. For some reason [UserVmManager] role is not assigned to LocalUserA on the VMs that were imported.

Right, that seems to be a bug. The import operation should set the user that executes it with UserVmManager role on the imported VM, just like add VM does for regular VM creation.
Could you please file a bug?

Before I start messing around I'd appreciate somebody's else opinion on how this should be done.

Thank you for your time,

-- Peter

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users