[ovirt-users] Permissions to Import VMs

Peter Wood peterwood.sd at gmail.com
Fri May 19 21:15:00 UTC 2017 

I did create a bug report and it was closed with the explanation that
UserVmManager role is not assigned because I'm using the Administration
portal... (???). What other portal do I use? Import/Export is Admin type
operation.

See here:
https://bugzilla.redhat.com/show_bug.cgi?id=1451501


Very simple steps to test it:

- Create a local user called LocalUserA

- Grant permissions to create VMs in DEV1 cluster and Import/Export VMs:

LocalUserA -> [PowerUserRole] -> DEV1 (Cluster)
LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master)
LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster)
LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master)
LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type)

- Login to the Administration Portal as LocalUserA at internal

- Create a VM, Export the VM, Import the VM

  Role UserVmManager is not set for the imported VM.
  User LocalUserA can not even boot up the VM due to insufficient
permissions.

How do I setup LocalUserA so it can import VMs and work with them?

Thank you,

-- Peter


On Tue, May 16, 2017 at 4:11 AM, Arik Hadas <ahadas at redhat.com> wrote:

>
>
> On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd at gmail.com>
> wrote:
>
>> Hi,
>>
>> I have a group of local users with permissions to create VMs, templates,
>> and VMs from templates. They are allowed to work only in one of the
>> clusters in the datacenter.
>>
>> Now I want one of the local users to be able to import VMs and convert
>> them into templates and I just can't find the recipe for that.
>>
>> The group has these permissions:
>>
>> LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster)
>> LocalUsersGroup -> [PowerUserRole] -> SAN (Storage)
>> LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
>>
>> LocalUserA is part of LocalUsersGroup and should be able to:
>>   - Import a VM
>>   - Convert the VM to a template for everyone to use
>>   - Delete the VM
>>
>> I tried this: LocalUserA -> [VmImporterExporter] -> System
>>
>> LocalUserA can now import VMs and convert them to templates but it can't
>> delete the imported VMs. For some reason [UserVmManager] role is not
>> assigned to LocalUserA on the VMs that were imported.
>>
>
> Right, that seems to be a bug. The import operation should set the user
> that executes it with UserVmManager role on the imported VM, just like add
> VM does for regular VM creation.
> Could you please file a bug?
>
>
>>
>> Before I start messing around I'd appreciate somebody's else opinion on
>> how this should be done.
>>
>>
> Thank you for your time,
>>
>> -- Peter
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170519/1b04e63b/attachment.html>

More information about the Users mailing list