Sunstone Virtual Network in user view

Community Support
1

Hi!
How to enable creation of new Virtual Networks in ‘user’ view for normal user in GUI Sunstone?
Our ACLs in the attachment also.

According to the documentation (http://docs.opennebula.org/5.4/deployment/sunstone_setup/suns_views.html#user-view) “They (users) will be able to see Datastores and Virtual Networks in order to use them when creating a new Image or Virtual Machine, but they will not be able to create new ones.”

That behavior cannot be changed?

P.S.: I can do that feature “Add Virtual Network” can be visible in GUI Sunstone through editing conf file /etc/one/sunstone-views/user.yaml (set “Network.create_dialog: true”). But I have such error “one.vn.allocate Not authorized to perform ADMIN CLUSTER” during vnet creation. It means, that I must add ADMIN CLUSTER permissions to certain user (or even group) (ONE 5.0: Enable a user to create VNET).

But this is very dangerous to give admin rights to normal user (he will become an cluster admin) only for creation vnets. How to get the result in more secure way?

vnets-tab:
    panel_tabs:
        vnet_info_tab: true
        vnet_ar_list_tab: true
        vnet_leases_tab: true
        vnet_sg_list_tab: true
        vnet_vr_list_tab: true
        vnet_clusters_tab: false
    table_columns:
        - 0         # Checkbox
        - 1         # ID
        - 2         # Owner
        - 3         # Group
        - 4         # Name
        - 5         # Reservation
        - 6         # Cluster
        #- 7         # Bridge
        - 8         # Leases
        #- 9         # VLAN ID
        #- 10         # Labels
        #- 11        # Search data
    actions:
        Network.refresh: true
        **Network.create_dialog: true**
        Network.import_dialog: false
        Network.update_dialog: true
        Network.reserve_dialog: true
        Network.addtocluster: false
        Network.rename: true
        Network.chown: false
        Network.chgrp: false
        Network.chmod: true
        Network.delete: true
        Network.hold_lease: true
        Network.release_lease: true
        Network.add_ar: false
        Network.remove_ar: true
        Network.update_ar: true
        Network.edit_labels: true
        Network.menu_labels: true

sunstone_vnets
sunstone_vnets.png1186×595 47.4 KB

sunstone_acls
sunstone_acls.png961×546 29 KB