Virtual Nets visible to all users
Assignee: Carlos Martín
Category: Core & System
Target version: Release 4.14
Virtual Nets visible to all users, which violates permission control policy.
The attached patch provides a temporary fix for this issue, which corrects the where_filter usage in VirtualNetworkPoolInfo::request_execute().
#3 Updated by Carlos Martín over 4 years ago
- Status changed from Pending to Closed
- Resolution set to invalid
The permission control is working fine for me.
To test it, I've created 2 users, and 2 vnets owned by each one of them. The onevnet output contains only their own vnet.
Please note that by default, the VDC 0 contains the CLUSTER ALL for zone 0. This internally creates the ACL '@1 NET+DATASTORE/* USE #0'. If you don't want this behaviour, update the VDC and the ACL rules will be adjusted internally.
As far as I can tell, the patch you provide prevents the 'all' and 'cluster' ACL rules from working properly.
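An added example, not part of the original thread and not OpenNebula's own code: a small parser for ACL rule strings of the form quoted in the comment above, which flags rules that give a group (or everyone) USE on every object of a resource type. The field layout it assumes (user, resources/scope, rights, optional zone) and the sample rules other than the quoted one are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class AclRule(NamedTuple):
    user: str             # "#<uid>", "@<gid>" or "*"
    resources: frozenset  # e.g. {"NET", "DATASTORE"}
    scope: str            # "#<id>", "@<gid>", "%<cluster>" or "*"
    rights: frozenset     # e.g. {"USE"}
    zone: Optional[str]   # "#<zone>", "*", or None when omitted

_USER = re.compile(r"^(\*|[#@]\d+)$")
_SCOPE = re.compile(r"^(\*|[#@%]\d+)$")
_ZONE = re.compile(r"^(\*|#\d+)$")

def parse_rule(text: str) -> AclRule:
    """Parse '<user> <types>/<scope> <rights> [<zone>]' (assumed layout)."""
    parts = text.split()
    if len(parts) not in (3, 4):
        raise ValueError(f"expected 3 or 4 fields: {text!r}")
    user, res, rights = parts[:3]
    zone = parts[3] if len(parts) == 4 else None
    types, sep, scope = res.partition("/")
    if not (sep and types and _USER.match(user) and _SCOPE.match(scope)):
        raise ValueError(f"malformed user or resource field: {text!r}")
    if zone is not None and not _ZONE.match(zone):
        raise ValueError(f"malformed zone field: {text!r}")
    return AclRule(user, frozenset(types.split("+")), scope,
                   frozenset(rights.split("+")), zone)

def grants_type_wide_use(rule: AclRule, rtype: str) -> bool:
    """True if a group or '*' gets USE on all objects of rtype."""
    return (not rule.user.startswith("#") and rule.scope == "*"
            and rtype in rule.resources and "USE" in rule.rights)

def broad_rules(lines, rtype):
    """Return the rule strings that expose every rtype object to a group."""
    return [l for l in lines if grants_type_wide_use(parse_rule(l), rtype)]

# First rule is the one quoted in the comment; the other two are constructed.
SAMPLE = [
    "@1 NET+DATASTORE/* USE #0",
    "#5 NET/#12 USE+MANAGE #0",
    "@1 VM+IMAGE/* CREATE *",
]

if __name__ == "__main__":
    for rule in broad_rules(SAMPLE, "NET"):
        print("group-wide USE on all NET objects:", rule)
```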