i’m currently running into an issue with a group of users that basically do things i don’t want them to do. They create snapshots for like every command they enter which is just a mess.
As you know documentation is not read by users and to tell everyone who does it when they do does not scale so actually i’d like to limit snapshot creation to specific groups and deny it as default. Unfortunately i did not find a way how to manage that so far in the ACLs as the users should be able to start and create instances but not snapshots.
I could remove it from the sunstone views but the reasons not to do that are obvious i guess. It would be great to have more fine grained ACLs to actually limit based on actions a user can do and not just in the very wide sense of manage,use and so on.