[
https://issues.apache.org/jira/browse/CLOUDSTACK-8077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14250342#comment-14250342
]
Min Chen commented on CLOUDSTACK-8077:
--------------------------------------
In service layer, we incorrectly perform template permission check by checking
if VM owner has permission to the template owner, which caused the error.
Instead we should perform permission by checking if VM owner has permission to
the template. Fixed with above commit.
> Not able to deploy VM using a shared template.
> ----------------------------------------------
>
> Key: CLOUDSTACK-8077
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8077
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: IAM
> Affects Versions: 4.4.0
> Reporter: Min Chen
> Assignee: Min Chen
> Priority: Critical
> Fix For: 4.5.0
>
>
> Steps to reproduce the problem:
> Create 2 users under ROOT - san1 and san2
> As san1:
> 1. Register a template(private)
> 2. Update template permission , so that it is shared with san2.
> 3. Listing template permission , shows that this template is shared with san2.
> 4. As san2 , Listing templates with templatefilter=shared , lists template
> test1 that was shared with san2.
> 5. As use san2 , try to deploy VM using the shared template - test1.
> This errors out following error message and return code- 531
> "Acct[c4c843e4-98a4-4384-9410-281243dfaa88-san2] does not have permission to
> operate with resource Acct[08dd8e5e-bb06-40fc-9a94-9eed073a358a-san1]"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
