[ovirt-users] Permissions to Import VMs

Arik Hadas ahadas at redhat.com
Sat May 20 17:25:42 UTC 2017 

On Sat, May 20, 2017 at 12:15 AM, Peter Wood <peterwood.sd at gmail.com> wrote:

> I did create a bug report and it was closed with the explanation that
> UserVmManager role is not assigned because I'm using the Administration
> portal... (???). What other portal do I use? Import/Export is Admin type
> operation.
>
> See here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1451501
>
>
> Very simple steps to test it:
>
> - Create a local user called LocalUserA
>
> - Grant permissions to create VMs in DEV1 cluster and Import/Export VMs:
>
> LocalUserA -> [PowerUserRole] -> DEV1 (Cluster)
> LocalUserA -> [PowerUserRole] -> SAN (Storage Data Master)
> LocalUserA -> [VmImporterExporter] -> DEV1 (Cluster)
> LocalUserA -> [VmImporterExporter] -> SAN (Storage Data Master)
> LocalUserA -> [VmImporterExporter] -> SD-Export (Storage Export type)
>
> - Login to the Administration Portal as LocalUserA at internal
>
> - Create a VM, Export the VM, Import the VM
>
>   Role UserVmManager is not set for the imported VM.
>   User LocalUserA can not even boot up the VM due to insufficient
> permissions.
>
> How do I setup LocalUserA so it can import VMs and work with them?
>
>
Thanks for this information Peter.
I proposed a patch. Let's discuss it in bugzilla.


> Thank you,
>
> -- Peter
>
>
> On Tue, May 16, 2017 at 4:11 AM, Arik Hadas <ahadas at redhat.com> wrote:
>
>>
>>
>> On Mon, May 15, 2017 at 11:36 PM, Peter Wood <peterwood.sd at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I have a group of local users with permissions to create VMs, templates,
>>> and VMs from templates. They are allowed to work only in one of the
>>> clusters in the datacenter.
>>>
>>> Now I want one of the local users to be able to import VMs and convert
>>> them into templates and I just can't find the recipe for that.
>>>
>>> The group has these permissions:
>>>
>>> LocalUsersGroup -> [PowerUserRole] -> DEV1 (Cluster)
>>> LocalUsersGroup -> [PowerUserRole] -> SAN (Storage)
>>> LocalUsersGroup -> [TemplateCreator] -> OFFICE (Datacenter)
>>>
>>> LocalUserA is part of LocalUsersGroup and should be able to:
>>>   - Import a VM
>>>   - Convert the VM to a template for everyone to use
>>>   - Delete the VM
>>>
>>> I tried this: LocalUserA -> [VmImporterExporter] -> System
>>>
>>> LocalUserA can now import VMs and convert them to templates but it can't
>>> delete the imported VMs. For some reason [UserVmManager] role is not
>>> assigned to LocalUserA on the VMs that were imported.
>>>
>>
>> Right, that seems to be a bug. The import operation should set the user
>> that executes it with UserVmManager role on the imported VM, just like add
>> VM does for regular VM creation.
>> Could you please file a bug?
>>
>>
>>>
>>> Before I start messing around I'd appreciate somebody's else opinion on
>>> how this should be done.
>>>
>>>
>> Thank you for your time,
>>>
>>> -- Peter
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170520/2ea01aaf/attachment.html>

More information about the Users mailing list