VDC Admin couldn't run "oneuser list"
As the administrator of the VDC, shouldn't I be allowed to run "oneuser list" to show a list of users under this VDC?
Currently, I get permission denied.
[test1@ozoneserver-cogeco templates]$ oneuser list
[UserPoolInfo] User  not authorized to perform action on user.
This is running ONE-3.0beta2.
#1 Updated by Patrice Lachance almost 10 years ago
Same problem for me. To reproduce:
- create zone and vdc with admin=vdc1adm, password=somepassword
- create unix user account 'vdc1adm'
- su vdc1adm
- mkdir ~vdc1adm/.one
- echo "vdc1adm:somepassword" > ~vdc1adm/.one/one_auth
[vdc1adm@host]$ oneuser list
[UserPoolInfo] User  : Not authorized to perform INFO_POOL USER.
[vdc1adm@host]$ onehost list
[UserPoolInfo] User  : Not authorized to perform INFO_POOL HOST.
Tested access to sunstone using vdc1adm => no 'users' dashboard. Opening another bug in sunstone.
#2 Updated by Ruben S. Montero almost 10 years ago
- Status changed from New to Closed
- Resolution set to worksforme
Yes, this is the way it is supposed to work. A VDC admin should not be allowed to check the users of a Zone. Potentially you'll be sharing the zone among multiple VDCs, and you may want to keep the users of other VDCs hidden from a VDC admin.
Same with hosts: you can offer a given SLA to a VDC, but as a provider, which hosts are actually supporting the VDC (that may even be shared) is something you may not want to disclose.
You can use onegroup show to list the IDs of the users in the group (i.e. in the VDC).
I'll mark this as worksforme. Any comment is more than welcome.
#4 Updated by Shi Jin almost 10 years ago
Thanks and I agree that the "onehost list" should not work by design.
However, "onegroup list" does not work for me either:
[test1@ozoneserver-cogeco ~]$ onegroup list
[GroupPoolInfo] User  not authorized to perform action on group.
I am still confused about how a vdcadmin could find out who the users in this VDC are. Thanks.
#7 Updated by Shi Jin almost 10 years ago
Well, yes I can run
[test1@ozoneserver-cogeco ~]$ onegroup show 100
GROUP 100 INFORMATION
ID : 100
NAME : vdc1
USERS
ID
8
10
provided I know my group ID is 100 as vdcadmin of the VDC called vdc1. But the problem is that I don't know this number, and it seems that "onegroup show" does not take a group name as an argument:
[test1@ozoneserver-cogeco ~]$ onegroup show vdc1
OpenNebula GROUP name not found, use the ID instead
command show: argument 0 must be one of groupid,