Bug #3384
Users in Cloud view are able to add vnet even though they have no permission to do so
| Status: | Closed | Start date: | 11/27/2014 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Resolution: | worksforme | Pull request: | |
| Affected Versions: | OpenNebula 4.10 | | |
Description
Presumably if permission is not set up for OTHER with USE permission, OTHER should not see it either
History
#1 Updated by Carlos Martín over 6 years ago
When a cluster is set as a group resource provider, users are able to see the DS and Vnets in that cluster.
Your vnet is in cluster Xeon, probably the user's group has it as a resource provider. Can you check if this is the case?
#2 Updated by Rachel Chen over 6 years ago
Carlos Martín wrote:
When a cluster is set as a group resource provider, users are able to see the DS and Vnets in that cluster.
Your vnet is in cluster Xeon, probably the user's group has it as a resource provider. Can you check if this is the case?
Yes, the vnet is indeed in the cluster, but it does not seem to make sense if I did not delegate permission USE to OTHER but they are still able to see it. Is there a workaround or is this more like a feature?
#3 Updated by Ruben S. Montero over 6 years ago
- Status changed from Pending to Closed
- Resolution set to worksforme
Jerry Chen wrote:
Carlos Martín wrote:
When a cluster is set as a group resource provider, users are able to see the DS and Vnets in that cluster.
Your vnet is in cluster Xeon, probably the user's group has it as a resource provider. Can you check if this is the case?
Yes, the vnet is indeed in the cluster, but it does not seem to make sense if I did not delegate permission USE to OTHER but they are still able to see it. Is there a workaround or is this more like a feature?
This is the intended behavior: a cluster assigned to a group grants USE permissions to all the users of a group. It seems that in your use case, it'd be better not to use group resource providers and manually assign access to resources by hand setting the corresponding ACLs. Note that for large installations this would not scale and it'd be difficult to debug...
Closing as OpenNebula works as expected
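The behaviour discussed in this thread, as an added example that is not code from the ticket or from OpenNebula: a simplified model of why a user can still get USE on a vnet whose OTHER bit is unset. Assumptions: access comes from either the permission bits or any matching ACL rule, the resource provider is modelled as a cluster-scoped rule, rules use the `<user> <types>/<scope> <rights>` string form, and all IDs and rules are constructed.

```python
# Simplified model (an assumption, not OpenNebula's code): USE is granted by
# the resource's own permission bits OR by any matching ACL rule.

def bits_grant_use(user, res):
    """Check the owner/group/other USE bits of the resource."""
    if user["uid"] == res["uid"]:
        return res["use"]["owner"]
    if res["gid"] in user["gids"]:
        return res["use"]["group"]
    return res["use"]["other"]

def parse_rule(rule):
    """Parse '<user> <types>/<scope> <rights>', e.g. '@105 DATASTORE+NET/%100 USE'."""
    who, resources, rights = rule.split()
    types, scope = resources.split("/")
    return who, set(types.split("+")), scope, set(rights.split("+"))

def rule_grants_use(rule, user, res):
    who, types, scope, rights = parse_rule(rule)
    # '#id' = one user, '@id' = a group, '*' = everyone
    user_ok = (who == "*" or who == f"#{user['uid']}"
               or (who.startswith("@") and int(who[1:]) in user["gids"]))
    # '#id' = one resource, '@id' = resources of a group, '%id' = a cluster
    scope_ok = scope in ("*", f"#{res['id']}", f"@{res['gid']}", f"%{res['cluster']}")
    return user_ok and res["type"] in types and scope_ok and "USE" in rights

def explain_use(user, res, rules):
    """Return every reason the user has USE on the resource (empty = denied)."""
    reasons = ["permission bits"] if bits_grant_use(user, res) else []
    return reasons + [f"ACL rule: {r}" for r in rules if rule_grants_use(r, user, res)]

# Constructed sample data: vnet 7 in cluster 100, OTHER has no USE bit.
VNET = {"type": "NET", "id": 7, "uid": 2, "gid": 1, "cluster": 100,
        "use": {"owner": True, "group": True, "other": False}}
USER = {"uid": 5, "gids": {105}}          # member of group 105 only
OTHER_USER = {"uid": 9, "gids": {105}}
PROVIDER_RULES = ["@105 DATASTORE+NET/%100 USE"]  # cluster 100 as provider of group 105
MANUAL_RULES = ["#9 NET/#7 USE"]                  # hand-set ACL for a single user

if __name__ == "__main__":
    print(explain_use(USER, VNET, PROVIDER_RULES))    # granted via the cluster rule
    print(explain_use(USER, VNET, MANUAL_RULES))      # denied: no bits, no rule
    print(explain_use(OTHER_USER, VNET, MANUAL_RULES))
```

When auditing unexpected visibility, listing every matching reason rather than stopping at the first shows whether removing the OTHER bit alone can ever be enough.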