ONE-5.02 All virtual networks shown to user (in cloud view) while it shouldn't

Hello.

I have 5 virtual networks defined as admin. Only two of them have “use” and “manage” rights for “other”. I would expect a newly created user who is in group users to not see the other three virtual networks. Is this a known bug?

thanks and cheers
t.

Thomas Stein opennebula@discoursemail.com writes:

> Hello.
>
> I have 5 virtual networks defined as admin. Only two of them have
> “use” and “manage” rights for “other”. I would expect a newly created
> user who is in group users to not see the other three virtual
> networks. Is this a known bug?

This is due to the default ACL, which gives users a use for the cluster.

  1. Define resources with their cluster

  2. Define a VDC for a group with that cluster as resource

=> All users of that VDC have a use for the resources of the cluster

Here, each user has its own networks for a total of 300 networks, so we
finally do not add the cluster directly to VDC but resources separately:

  • hosts

  • no networks, we use chgrp and chmod on shared networks usable by the
    group

  • datastores

Regards.
Daniel Dehennin
Get my GPG key: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
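
An added example, not part of the thread or of OpenNebula's code: a simplified Python model of why the cluster-wide use rule described in the reply above exposes all five networks regardless of their "other" bits, and how the per-network chgrp and chmod approach narrows that. All IDs, the class and function names, and the OR-combination of permission bits and ACL rules are assumptions made for illustration.

```python
# Simplified model of the visibility rule discussed above (an assumption for
# illustration, not OpenNebula source): USE is granted when the object's
# permission bits allow it OR any ACL rule matches the user and the object.
from dataclasses import dataclass

@dataclass(frozen=True)
class VNet:
    id: int
    uid: int                 # owner
    gid: int                 # owning group
    cluster: int
    other_use: bool          # "use" bit for "other"
    group_use: bool = False  # "use" bit for the owning group

@dataclass(frozen=True)
class User:
    uid: int
    gid: int

@dataclass(frozen=True)
class ClusterRule:           # models a rule shaped like "@<gid> NET/%<cluster> USE"
    gid: int
    cluster: int

def bits_allow_use(user, net):
    owner = user.uid == net.uid          # owner "use" bit assumed set
    group = user.gid == net.gid and net.group_use
    return owner or group or net.other_use

def acl_allows_use(user, net, rules):
    return any(r.gid == user.gid and r.cluster == net.cluster for r in rules)

def visible(user, nets, rules):
    return [n.id for n in nets if bits_allow_use(user, n) or acl_allows_use(user, n, rules)]

# Constructed data: five admin-owned networks in cluster 100, two open to "other".
ADMIN, USERS_GID, CLUSTER = User(0, 0), 1, 100
NETS = [VNet(i, ADMIN.uid, ADMIN.gid, CLUSTER, other_use=i < 2) for i in range(5)]
NEW_USER = User(uid=5, gid=USERS_GID)

def shared_by_chgrp(nets, net_id, gid):
    # Workaround from the reply: chgrp the network to the group, chmod group "use".
    return [VNet(n.id, n.uid, gid, n.cluster, n.other_use, True) if n.id == net_id else n
            for n in nets]

if __name__ == "__main__":
    print(visible(NEW_USER, NETS, [ClusterRule(USERS_GID, CLUSTER)]))  # cluster-wide rule
    print(visible(NEW_USER, NETS, []))                                 # bits only
    print(visible(NEW_USER, shared_by_chgrp(NETS, 3, USERS_GID), []))
```
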

Hi Daniel.

Thanks for your answer. Let me sum that up. I have to create a new VDC and have to put resources to it. Then associate the user with that VDC. Will try soon.

thanks and cheers
t.

Thomas Stein opennebula@discoursemail.com writes:

> Hi Daniel.
>
> Thanks for your answer. Let me sum that up. I have to create a new VDC
> and have to put resources to it. Then associate the user with that
> VDC. Will try soon.

These were the steps to reproduce our use case.

You need to look at your default ACLs and make the necessary changes
accordingly.

Regards.
Daniel Dehennin

I see. Works as expected. Thank you again.

cheers
t.