Hey,
Is there any solution to give a group use/mange permissions for virtualmachines within Cluster ID?
I get a error message when apply this setting:
CLUSTER(%) selector can be applied only to DATASTORE, HOST and NET types
Hey,
Is there any solution to give a group use/mange permissions for virtualmachines within Cluster ID?
Hi,
I’m afraid that is not possible. You can impose cluster-based restrictions to objects that are part of a cluster. (hosts, datastores or networks).
VM access restrictions can be imposed based on group ownership
Okey… Another use case:
Every user is a ldap user and i have multiple groups:
Admins_group ( ldap based)
User_group (local groups manual action)
How can i accomplice this?
I think the best approach in your case is Virtual Datacenters (https://docs.opennebula.io/5.10/operation/users_groups_management/manage_vdcs.html)
You can:
There should be an ACL (automatically created) that allow group admins to manage resources in the group as the group only have access to a cluster you should get (to some extent) the behavior you are looking for.
Create a group and a group admin
Then create a VDC for this group and clusters you like.
ACLs should look like this:
As you see the admin has manage rights over the test_group resources
No, you are not doing anything wrong. This is the “to some extent” I refer to. THe VM is owned by oneadmin, this is only going to work for the VMs created within the VDC i.e. by people on the VDC group.