nvazquez opened a new issue, #10906: URL: https://github.com/apache/cloudstack/issues/10906
### problem When creating a ResourceAdmin account with special listing permissions on a domain with a dedicated zone, CloudStack is listing all the zones on the environment, instead of filtering them by domain and listing only the zone dedicated to this domain. This behaviour is only affecting zones listing, filtering is applied for pods and clusters and CloudStack is filtering them by the domain, excluding the rest of non-dedicated pods or clusters for that domain. ### versions ACS 4.18 onwards ### The steps to reproduce the bug 1. Create a new zone and a new domain, dedicate the zone to the domain 2. Create a new role based on the type = ResourceAdmin, and give them Allow permissions for these APIs: addCluster, listDedicatedZones, listDedicatedPods, listDedicatedClusters, listDedicatedHosts, listDedicatedGuestVlanRanges, listInfrastructure, listZonesMetrics, listClustersMetrics, listHostsMetrics, dedicateCluster (listInfrastructure API is needed for the user to see the Infrastructure tab in the UI, similarly listZonesMetrics, listClustersMetrics, listHostsMetrics to see zones, clusters and hosts within Infrastructure) 3. Create an account on the domain using the new role and log in Limitations: - I was able to list zones, however CloudStack is not filtering the zones and is displaying also the non-dedicated zones for the user, which should not be visible. - I was able to add a cluster on the dedicated zone, by choosing the correct zone on the add cluster wizard. Ideally CloudStack should have only listed the dedicated zone (same for hosts). ### What to do about it? _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
