[ovirt-users] [3.6] User can't create a VM. No permission for EDIT_ADMIN_VM_PROPERTIES

Mon Nov 23 10:14:17 UTC 2015

----- Original Message -----
> From: "Maksim Naumov" <maksim.naumov at hitmeister.de>
> To: "users" <users at ovirt.org>
> Sent: Monday, November 23, 2015 11:18:09 AM
> Subject: Re: [ovirt-users] [3.6] User can't create a VM. No permission for	EDIT_ADMIN_VM_PROPERTIES
> 
> CPU pinning topology is also not used in this template. And even there is no
> settings in the user interface to change it.
> 
> So, currently no one user is able to create new VM.

Seems to me as a bug 
Can you please open a bug, attach all relevant logs and also fully describe the template that you attempt to use to create the VM?

> 
> On Mon, Nov 23, 2015 at 8:54 AM, Maksim Naumov < maksim.naumov at hitmeister.de
> > wrote:
> 
> 
> 
> As I was able to understand this error mean that user tried to rewrite the
> destination host of VM. But the problem is that there is no setting like
> this in the user interface. User can't change the destination 100%. It is
> not hardcoded in the template settings because he was trying to run Base
> template (which is not attached to any host).
> 
> On Mon, Nov 23, 2015 at 8:36 AM, Maksim Naumov < maksim.naumov at hitmeister.de
> > wrote:
> 
> 
> 
> Hello
> 
> I faced with the problem. The user can;t create a VM. The user has
> PowerUserRole on Cluster. He tried to create a VM with a base template and
> had no success.
> 
> Here some lines from log. Have no idea why it wants for
> EDIT_ADMIN_VM_PROPERTIES permission for user?
> 
> 2015-11-20 16:42:10,888 DEBUG [org.ovirt.engine.core.bll.AddVmCommand]
> (default task-160) [2f0eb905] Checking whether user
> 'acc9ced5-a764-4d60-84d7-db4b4a498a18' or one of the groups he is member of,
> have the following permissions: ID: a303bbca-af20-4de5-9eff-01c52d3bf615
> Type: VdsGroupsAction group CREATE_VM with role type USER, ID:
> 00000000-0000-0000-0000-000000000000 Type: VmTemplateAction group CREATE_VM
> with role type USER, ID: a303bbca-af20-4de5-9eff-01c52d3bf615 Type:
> VdsGroupsAction group EDIT_ADMIN_VM_PROPERTIES with role type ADMIN
> 2015-11-20 16:42:10,890 DEBUG [org.ovirt.engine.core.bll.AddVmCommand]
> (default task-160) [2f0eb905] Found permission
> '129c57bb-df56-4529-93d9-52db0265263f' for user when running 'AddVm', on
> 'Cluster' with id 'a303bbca-af20-4de5-9eff-01c52d3bf615'
> 2015-11-20 16:42:10,893 DEBUG [org.ovirt.engine.core.bll.AddVmCommand]
> (default task-160) [2f0eb905] Found permission
> '00000004-0004-0004-0004-000000000355' for user when running 'AddVm', on
> 'Template' with id '00000000-0000-0000-0000-000000000000'
> 2015-11-20 16:42:10,894 DEBUG [org.ovirt.engine.core.bll.AddVmCommand]
> (default task-160) [2f0eb905] No permission found for user when running
> action 'AddVm', on object 'Cluster' for action group
> 'EDIT_ADMIN_VM_PROPERTIES' with id 'a303bbca-af20-4de5-9eff-01c52d3bf615'.
> 2015-11-20 16:42:10,894 WARN [org.ovirt.engine.core.bll.AddVmCommand]
> (default task-160) [2f0eb905] CanDoAction of action 'AddVm' failed for user
> vincent.engel at hitmeister.de@ hitmeister.de . Reasons:
> VAR__ACTION__ADD,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
> 
> --
> Maksim Naumov
> Hitmeister GmbH
> Softwareentwickler
> 
> Habsburgerring 2
> 50674 Köln
> 
> E: maksim.naumov at hitmeister.de
> www.hitmeister.de
> 
> HRB 59046, Amtsgericht Köln
> Geschäftsführer: Dr. Gerald Schönbucher
> 
> 
> 
> --
> Maksim Naumov
> Hitmeister GmbH
> Softwareentwickler
> 
> Habsburgerring 2
> 50674 Köln
> 
> E: maksim.naumov at hitmeister.de
> www.hitmeister.de
> 
> HRB 59046, Amtsgericht Köln
> Geschäftsführer: Dr. Gerald Schönbucher
> 
> 
> 
> --
> Maksim Naumov
> Hitmeister GmbH
> Softwareentwickler
> 
> Habsburgerring 2
> 50674 Köln
> 
> E: maksim.naumov at hitmeister.de
> www.hitmeister.de
> 
> HRB 59046, Amtsgericht Köln
> Geschäftsführer: Dr. Gerald Schönbucher
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 