These users only have use & manage rights but are still able to create a disk-snapshot in sunstone (Storage Tab -> Camera Symbol). Strangely when they want to delete this Snapshot they get the following message:
[one.vm.disksnapshotdelete] User [6] : Not authorized to perform ADMIN VM [167].
Thanks for the hint for disabling this option from the view.
These users are using users view and the CLI.
Still the users can create disk-snapshots from the CLI and just removing this option from the view is in my opinion not a complete solution.
I think by setting the fine grained VM permissions (in my case putting disk-snapshot to the admin section) in oned.conf should disallow the creation of a snapshot completely for non-admin users resulting in a “Non authorized to perform…” message. Or have I missed something about this part of the configuration?
I have seen the problem with more detail and I have found a code bug. I have resolved the problem and early you will have the solution in the repository.