[
https://issues.apache.org/jira/browse/CLOUDSTACK-9137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15051215#comment-15051215
]
ASF GitHub Bot commented on CLOUDSTACK-9137:
--------------------------------------------
Github user remibergsma commented on the pull request:
https://github.com/apache/cloudstack/pull/1213#issuecomment-163683468
It seems this is more complex than it seemed. Since we've to put in a
'physical network id' (which is obviously owned by ROOT domain, this does not
work yet.
Creating fails:
```
(admin) 🐵 > create privategateway gateway=1.2.3.4 ipaddress=4.3.2.1
netmask=255.255.255.0 vpcid=cc80ae2c-c3ad-4ea3-96f4-dc40970c81e4
vlan="lswitch://uuid"
Error 531: Acct[74caa349-7f41-4e1a-b4b1-d386c0c2a1a2-rbergsma] does not
have permission to operate within domain id=9c2baf29-9846-11e5-9afa-525400b8977a
cserrorcode = 4365
errorcode = 531
errortext = Acct[74caa349-7f41-4e1a-b4b1-d386c0c2a1a2-rbergsma] does not
have permission to operate within domain id=9c2baf29-9846-11e5-9afa-525400b8977a
uuidList:
```
This is the mentioned domain id:
```
(admin) 🐵 > set profile root
(root) 🐵 > list domains id=9c2baf29-9846-11e5-9afa-525400b8977a filter=name
count = 1
domain:
name = ROOT
```
Most likely due to the physical network id. Hmm..
> Domain admins cannot create nor delete a private gateway
> --------------------------------------------------------
>
> Key: CLOUDSTACK-9137
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9137
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Remi Bergsma
> Assignee: Remi Bergsma
> Priority: Critical
>
> To create a private gateway you need a root admin account. This does not make
> sense, as you can do a lot more with such a powerful account. Other network
> related API calls can be made by a domain admin.
> Let's change it so domain admins can create their own private gateways.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
