[Engine-devel] Disk Permissions Feature
Itamar Heim
iheim at redhat.com
Thu Mar 15 15:46:07 UTC 2012
On 03/15/2012 05:34 PM, Omer Frenkel wrote:
>>> > > 1. "Create disk - requires permissions on the Storage Domain,
>>> > > (can't
>>> > > assume Quota is sufficient to permit user creating the disk on the
>>> > > Storage Domain, as Quota might be disabled)"
>>> > >
>>> > > I'd also specify create disk for regular disks is at storage domain
>>> > > level?, while direct lun disks require system level permission of
>>> > > add disk.
>>> > >
>>> > > so, if quota is disabled, how important is it to prevent creation
>>> > > of
>>> > > disks (other than direct lun ones, which would require a permission
>>> > > similar to storage domain creation)?
>>> > >
>>> > > if this is added, it has to be implicitly added / not needed if
>>> > > user has
>>> > > quota (i.e., having a quota should be similar to having a
>>> > > permission as
>>> > > far as the check goes).
>>> > >
>> >
>> > We should look into it, how complicate is it to validate if user has
>> > either quota or permission, and allow creating a disk on a SD if
>> > either
>> > exists.
> this might be confusing to the user as he can disable the quota,
> then stuff would stop working.
>
we can't require both quota and permissions from user on storage domains
- that's cumbersome.
question is if we can limit the need for permissions to disks only to
places where they are needed (shared, direct, floating)?
More information about the Engine-devel
mailing list