User not authorized to perform USE in reservation VNETs only

Hi, I am running OpenNebula 4.12.

I have a group of users “bots” (id 102).

Bots have an ACL that allows them to USE VirtualNetworks:

13 @102 VHNI-T-DC---- * u--- *

This works for regular virtual networks; they can run!() (using the Ruby OCA) and they get the VN information. However, when doing exactly the same with VirtualNetworks of type “Reservation”, I get

[VirtualNetworkInfo] User [8] : Not authorized to perform USE NET [7].

Am I missing something or might this be a bug? I’ve searched around without luck…

If I add a specific ACL specifying the ID of the VNET (7) instead of ALL, then it works :S

Thanks in advance…

shameless bump :smile:


VNET reservations also include an implicit ACL to bypass the ALL and cluster rules. This was introduced as a security requirement, for example, to not see reservations made by other users. Changes were made here:

I checked the docs, but could not see any references :frowning: I’ll file a ticket for this.

So in summary, this is the expected behavior.

