ACL Virtual machine permissions based on Cluster

Hey,

Is there any solution to give a group use/manage permissions for virtual machines within a Cluster ID?


I get an error message when applying this setting:
CLUSTER(%) selector can be applied only to DATASTORE, HOST and NET types

Hi,

I’m afraid that is not possible. You can impose cluster-based restrictions on objects that are part of a cluster (hosts, datastores or networks).

VM access restrictions can be imposed based on group ownership.

Okay… Another use case:
Every user is an LDAP user and I have multiple groups:

Admins_group (LDAP based)

  • manage permissions on every VM within the cluster.

User_group (local groups, manual action)

  • users are added to this group to use (1 or more VMs)

How can I accomplish this?

I think the best approach in your case is Virtual Datacenters (https://docs.opennebula.io/5.10/operation/users_groups_management/manage_vdcs.html)

You can:

  • Create a VDC and associate a cluster to it
  • Create a group of users associated with this VDC
  • Create a group admin to act as a tier-1 admin for the group, with permission over user management and group resources.

Something like this? I don't see any VMs when I'm a user of the admin group.
ACL:


VDC:

There should be an ACL (automatically created) that allows group admins to manage resources in the group. As the group only has access to a cluster, you should get (to some extent) the behavior you are looking for.

Create a group and a group admin.
Then create a VDC for this group and the clusters you like.

ACLs should look like this:

As you see, the admin has manage rights over the test_group resources.

Sorry, maybe I'm doing something wrong :confused:

Nothing found when I'm logged in as the admin user.

No, you are not doing anything wrong. This is the “to some extent” I referred to. The VM is owned by oneadmin; this is only going to work for the VMs created within the VDC, i.e. by people in the VDC group.
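The two points of this thread (the CLUSTER(%) selector restriction from the first reply, and why the auto-created group-admin ACL does not reach a VM owned by oneadmin from the last one), as an added example that is not OpenNebula's own code: a small Python model of ACL rule strings of the form `<user> <TYPE+TYPE>/<selector> <RIGHT+RIGHT>`. The group ids, user ids, the VM objects and the exact shape of the group-admin rule are constructed assumptions for illustration.

```python
# Added example, not OpenNebula's own code: a small model of ACL rule strings
# "<user> <TYPE+TYPE>/<selector> <RIGHT+RIGHT>" showing why "%cluster" is
# rejected for VM and why a group-admin rule only covers group-owned VMs.
import re
from collections import namedtuple

CLUSTER_TYPES = {"DATASTORE", "HOST", "NET"}   # only these accept "%<cluster id>"

# user: "#<uid>", "@<gid>" or "*"; selector: "#<oid>", "@<owner gid>", "%<cluster id>" or "*"
Rule = namedtuple("Rule", "user types selector rights")
# cluster_id -1 means the object is not a cluster member (a VM, for instance)
Obj = namedtuple("Obj", "kind oid owner_uid owner_gid cluster_id", defaults=(-1,))

def parse_rule(text):
    m = re.fullmatch(r"(\S+)\s+([A-Z+]+)/(\S+)\s+([A-Z+]+)", text.strip())
    if not m:
        raise ValueError(f"malformed rule: {text!r}")
    user, types, sel, rights = m.groups()
    tset = frozenset(types.split("+"))
    if sel.startswith("%") and not tset <= CLUSTER_TYPES:
        # the restriction behind the error message quoted in the thread
        raise ValueError("CLUSTER(%) selector can be applied only to DATASTORE, HOST and NET types")
    return Rule(user, tset, sel, frozenset(rights.split("+")))

def resource_matches(rule, obj):
    if obj.kind not in rule.types:
        return False
    if rule.selector == "*":
        return True
    target = {"#": obj.oid, "@": obj.owner_gid, "%": obj.cluster_id}[rule.selector[0]]
    return int(rule.selector[1:]) == target

def allowed(rules, uid, gids, obj, right):
    """True if some rule grants `right` on `obj` to user `uid` (member of `gids`)."""
    return any((r.user == "*" or r.user == f"#{uid}" or r.user in {f"@{g}" for g in gids})
               and resource_matches(r, obj) and right in r.rights for r in rules)

# Constructed scenario: group 100 is the VDC group, uid 7 is its group admin,
# and the rule mirrors the group-admin ACL the thread describes (assumed form).
GROUP_ADMIN_RULE = parse_rule("@100 VM+NET+IMAGE+TEMPLATE/@100 USE+MANAGE")
ONEADMIN_VM = Obj("VM", 1, 0, 0)        # owned by oneadmin (uid 0, gid 0)
GROUP_VM = Obj("VM", 2, 9, 100)         # created by a VDC group member

def group_admin_can_manage(obj):
    return allowed([GROUP_ADMIN_RULE], uid=7, gids={100}, obj=obj, right="MANAGE")
```

Running `group_admin_can_manage` on the two VMs reproduces the thread's outcome: the group-owned VM is visible to the group admin, the oneadmin-owned VM is not, and a `%cluster` selector on VM is rejected at parse time.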