[Engine-devel] Managing permissions on network

Livnat Peer lpeer at redhat.com
Tue Nov 13 13:37:34 UTC 2012


On 13/11/12 15:19, Itamar Heim wrote:
> On 11/13/2012 12:45 PM, Livnat Peer wrote:
>> Interesting point, I think that if a user has permission to create a VM
>> from a specific template we should give him permission to use the
>> template networks on this VM implicitly upon the VM creation.
> 
> having a permission to a template does not mean a permission to the
> default network of that VM, especially as we'll use templates more as
> instance types.

Another alternative is to require permission on the network as well as
the template.
I must say I don't really like it, although I agree with your comment,
we require too many operations for enabling a user to create a VM from
template (permission on the template, quota on the storage, permissions
on the network, next we'll require a PHD ;)).

Anyone has a better idea?

Livnat



More information about the Devel mailing list