Valery Ciareszka created CLOUDSTACK-4838: --------------------------------------------
Summary: proper messaging of checkAccess exceptions Key: CLOUDSTACK-4838 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4838 Project: CloudStack Issue Type: Improvement Security Level: Public (Anyone can view this level - this is the default.) Components: Management Server Affects Versions: 4.2.0 Environment: KVM(CentOS 6.4) Reporter: Valery Ciareszka Priority: Minor If you try to deploy virtualmachine via root domain API from non-public template and specify non-privileged user as its owner, it will fail. I.e. curl "http://localhost:8096/client/?command=deployVirtualMachine&serviceofferingid=2b45be75-0ec8-4683-91a0-d95414da310d&zoneid=4a5bc8e5-bab9-4f92-9249-d57ef8a0f9f8&templateid=94013c8f-b615-467f-8df2-635ac4c5efb5&networkids=5928684b-f9fc-4c2f-a74b-d6af622250f3&account=vdc3880&domainid=2744e9b6-8633-4e8d-bb4d-860fe5e7e744" Response is: <?xml version="1.0" encoding="UTF-8"?> <deployvirtualmachineresponse cloud-stack-version="4.2.0"><errorcode>531</errorcode> <cserrorcode>4365</cserrorcode> <errortext>Acct[ebcf2919-a842-4986-a8ed-a3806dfbd8f2-vdc3880] does not have permission to operate with resource Acct[9d9ef909-2469-11e3-9901-90e2ba51b336-admin]</errortext> </deployvirtualmachineresponse> It is unclean, what was the reason of PermissionDeniedException. After modifying source code and adding more debug messages I figured out that this was caused because template was non-public, but it is non obvious. It would be great if such exceptions could provide more information about their actual reasons. -- This message was sent by Atlassian JIRA (v6.1#6144)