[Engine-devel] Disk Permissions Feature
Einav Cohen
ecohen at redhat.com
Mon Mar 19 10:47:42 UTC 2012
1.
According to the wiki, these are the new Action Groups that will be added:
CREATE_DISK - AddDisk, AddDiskToVm
EDIT_DISK_PROPERTIES - UpdateDisk, UpdateVM, Activate/Deactivate
ATTACH_DISK - AttachDiskToVm
CONFIGURE_DISK_STORAGE - MoveOrCopyDisk
DELETE_DISK - RemoveDisk, RemoveVm
Currently we have:
CONFIGURE_VM_STORAGE - AddDiskToVm, RemoveDisksFromVm, UpdateVmDisk
So, since "AddDiskToVm" has moved to "CREATE_DISK", it will now be:
CONFIGURE_VM_STORAGE - RemoveDisksFromVm, UpdateVmDisk
- Is there a difference between RemoveDisk and RemoveDisksFromVm? If so, what is the difference?
- Is there a difference between UpdateDisk and UpdateVmDisk? If so, what is the difference?
[If answer to both questions is "no", CONFIGURE_VM_STORAGE action-group should be removed; this should be considered in the upgrade process]
2. [Michael/Daniel] (more related to the floating disks feature): In which Action Group will "DetachDiskFromVm" reside?
3. "Updated Roles: VM Operator should be extended with permissions on Disk" - note that all other pre-defined roles that have "UpdateVM" within them (and most of them do, AFAIK) should also be extended with the extra Disk-related ActionGroups (otherwise we can reach strange situations in which a Cluster Admin can do everything in his cluster except manipulate Disks in his VMs, for example).
4. "Upgrade DB: Add Disk Operator role to users that have VM Operators to allow permissions on Disks":
- I assume that you mean that Disk Operator *permissions* should be added on the relevant *Disks* to the "VM Operator" users.
- I suggest to add these during upgrade not only for "VM Operators" but for all users that have a direct permission on a VM which is associated with any Role that contains the action "UpdateVM".
5. GUI will need a new query: GetAllAttachableDisks.
- This query should be an Admin + User query and will have two "flavors": Admin and User (using the "isFiltered" property).
- With "isFiltered = false" (will be used for the admin portal), it should return a list of all floating and/or sharable disks.
- With "isFiltered = true" (will be used in the power user portal), it should return a list of all floating and/or sharable disks on which the user has permissions.
----
Thanks,
Einav
----- Original Message -----
> From: "Moti Asayag" <masayag at redhat.com>
> To: engine-devel at ovirt.org
> Sent: Wednesday, March 14, 2012 2:20:18 AM
> Subject: [Engine-devel] Disk Permissions Feature
>
> Hi all,
>
> Disk Permissions feature description Wiki page:
> http://www.ovirt.org/wiki/Features/DiskPermissions
>
> Please share your comments.
>
> Thanks,
> Moti
>
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>
More information about the Engine-devel
mailing list