ONE 5.0: Enable a user to create VNET


We setup a new ONE 5.0 to test our integration and are facing an issue with VNET creation.

I reproduce the same ACL as on our 4.14.2 ONE:


This should permit user with ID 7 (jenkins) to create and administrate virtual networks of group 101.

But the API call returns that my user does not have ADMIN CLUSTER.

Looking at the API interface, I don’t see why I need this right.

Any idea?


I don’t see any difference with 4.14 permissions.


The problem is that the vnet is added to the default cluster, and that action requires ADMIN CLUSTER. I’ll update the documentation to reflect this.

Ok, so I only need to add ADMIN CLUSTER for cluster ID 0 to my user.

But this enable much more right than I may want one.cluster.delete CLUSTER:ADMIN.

This looks like my jenkins could delete cluster 0 :confused: