Group admin rights

I manage tiny opennebula 5.0.2 cloud. Now I have to give out a piece of this cloud to one of our customers.
I created new group with admin and all looks smooth. Admin can create new users, instantiate VM from existing templates and so on. For now I just can’t understand why group admin can’t create new templates or images although corresponding checkbox was checked.

Please maybe somebody can clarify how can I give such opportunity for group admin ?

The admin should be able to do so. Please could you check the ACLs for the
group admin account, oneacl list for example or sunstone…

Hi Ruben.
Thank you for the prompt reply to my question. Below is the screenshot with ACLs.

As you can see the user demo-ak-admin does not have create rights for the
objects. You should have them if you selected them when creating the user,
you can update rule 74 (or create a new one) to grant create rights the the
admin user.

Hi Ruben.
Please explain what do you mean by “You should have them if you selected them when creating the user” ? In time of creating users I can select only username, password and authentication source. In time of creating groups on the Permissions tab there are corresponding checkboxes but all of them except VMnet are checked by default. Furthermore as you can see on my screenshot after creating of group there are all required rules in ACL. I also tried to grant create right for group admin user.

But unfortunately neither group admin “ak-demo-admin” or generic member of group are unable to create Templates. Green button with plus symbol missed in Template section.

Sorry I was talking about the group admin user, when you create the group you can check the resource that the users in the group can create. This is under the “Permissions” tab

As I already wrote in previous post those checkboxes are checked by default and there are all corresponding rules in ACL list, but green button with plus symbol for all users of group ak-demo is missed.

Maybe it is a bug of GUI ?

Hi Roman,

Sorry for the delay, I had the chance to test this and it is working for me, the ACL created automatically grants all users in group ak-demo to create VM Templates. I’ve just reproduce it and have no problems to access the buttons nor creating the VM Template from the GUI. Maybe you can try to access from an incognito window, reload the Sunstone page or similar.


Hi Ruben.
Seems that we are just talking about different admin views :slight_smile: . “Plus” button present in admin view for group admin ak-demo-admin but missed in groupadmin view. I think it is bit illogical because admin view for group admins is overkill but groupadmin view is not sufficient for daily tasks.

Ruben can you advise me how can we solve our problem. We need to give out a piece of our cloud to one of our customers. Customer should be able to upload ISO files, create custom templates and install different operation systems for themselves.