Hi!
How to enable creation of new Virtual Networks in ‘user’ view for normal user in GUI Sunstone?
Our ACLs in the attachment also.
According to the documentation (http://docs.opennebula.org/5.4/deployment/sunstone_setup/suns_views.html#user-view) “They (users) will be able to see Datastores and Virtual Networks in order to use them when creating a new Image or Virtual Machine, but they will not be able to create new ones.”
That behavior cannot be changed?
P.S.: I can do that feature “Add Virtual Network” can be visible in GUI Sunstone through editing conf file /etc/one/sunstone-views/user.yaml (set “Network.create_dialog: true”). But I have such error “one.vn.allocate Not authorized to perform ADMIN CLUSTER” during vnet creation. It means, that I must add ADMIN CLUSTER permissions to certain user (or even group) (ONE 5.0: Enable a user to create VNET).
But this is very dangerous to give admin rights to normal user (he will become an cluster admin) only for creation vnets. How to get the result in more secure way?
vnets-tab:
panel_tabs:
vnet_info_tab: true
vnet_ar_list_tab: true
vnet_leases_tab: true
vnet_sg_list_tab: true
vnet_vr_list_tab: true
vnet_clusters_tab: false
table_columns:
- 0 # Checkbox
- 1 # ID
- 2 # Owner
- 3 # Group
- 4 # Name
- 5 # Reservation
- 6 # Cluster
#- 7 # Bridge
- 8 # Leases
#- 9 # VLAN ID
#- 10 # Labels
#- 11 # Search data
actions:
Network.refresh: true
**Network.create_dialog: true**
Network.import_dialog: false
Network.update_dialog: true
Network.reserve_dialog: true
Network.addtocluster: false
Network.rename: true
Network.chown: false
Network.chgrp: false
Network.chmod: true
Network.delete: true
Network.hold_lease: true
Network.release_lease: true
Network.add_ar: false
Network.remove_ar: true
Network.update_ar: true
Network.edit_labels: true
Network.menu_labels: true
…
