I try to figure how to let my users make disk snapshot with public image but I don’t see how.
I created an image on my account and I granted USE right to OTHER. I logged with a user account with the cloud view + the Storage tab only (no user view). I tried to snapshot the disk and I got the “[VirtualMachineDiskSnapshotCreate] User [7] : Not authorized to perform MANAGE IMAGE [24].”
If I grant the MANAGE right to OTHER, anyone can delete the image (some of my users have access to the user view).
Is there a way to let user make snapshot without the right to delete the image?
As you said, the MANAGE authorization opens a block of actions (full reference here). You can’t enable individual API calls.
I think your options are:
Clone the image for each user that will use, and change its owner. This way each user will manage his own image.
Create a new sunstone view removing the actions that you don’t want your users to perform, e.g. image delete. Bear in mind that this prevents the users from initiating the action from sunstone, but if they have access to the CLI, they will still be able to perform them.