> On 3 Apr 2018, at 15:23, Lloyd Kamara <l.kam...@imperial.ac.uk> wrote: > > Dear Sir/Madam, > > The ability to upload ISOs through the web interface and boot > VMs from them is a welcome addition in oVirt release 4.2.2. > I am grateful to the people behind the implementation of this. > > Consider a scenario in which you wish to allow *end-users* > to upload ISOs to one or more Data Domains. The users can > then use the uploaded ISOs to boot their VMs. > > Is it possible to grant a user permission to upload ISOs through > the web interface? I tried to to this under oVirt release 4.2.2 > by doing the following: > > - adding the 'SuperUser' role to a target user for a specific > Data Domain, which enables the user to log onto the Administration Portal. > > - adding the 'DiskCreator' role to the same target user for the > same Data Domain, which, I would hope, would allow the user to > both create disks and upload ISOs within that Data Domain. > > Disk creation in the Data Domain for the target user works as expected; > ISO upload does not. A dialog appears with the message: 'Operation > Canceled Error while executing action: User is not authorized to > perform this action.' > > Here is the message that appears in /var/log/ovirt-engine/engine.log > when an attempt at uploading an ISO is made by the target user: > > > INFO > [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] > (default task-40) [5b3fef06-49c8-4c34-81a3-a20fa691709a] No permission > found for user 'a9fde4c3-97a3-4494-84f8-08041a16710c' or one of the > groups he is member of, when running action 'TransferImageStatus', > Required permissions are: Action type: 'USER' Action group: > 'CREATE_DISK' Object type: 'System' Object ID: > 'aaa00000-0000-0000-0000-123456789aaa'. > > > If one assigns the DiskCreator role System permission for the target > user then that user can upload ISOs without problem. Unfortunately, > the user can upload ISOs - and create disks - in *all* data domains. > > To re-iterate, is it possible to grant an end-user permission to > upload ISOs to specific data domains through the web interface without > granting an all-encompassing System permission?
it does sound like a bug to me. Can you open one with those details? https://bugzilla.redhat.com/enter_bug.cgi?product=ovirt-engine <https://bugzilla.redhat.com/enter_bug.cgi?product=ovirt-engine> Thanks, michal > > > Best wishes, > Lloyd Kamara > > > References: > [The first two are included insofar as they concern ISO upload via web] > https://bugzilla.redhat.com/show_bug.cgi?id=1530730 > > https://bugzilla.redhat.com/show_bug.cgi?id=1536826 > > [This one is included because I wonder if the testing requests > includes the ability for users to upload ISOs via the web GUI, not > just attach existing ISOs in data domains to VMs] > > https://bugzilla.redhat.com/show_bug.cgi?id=1058798 > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
