User not authorized to perform USE in reservation VNETs only

Hi, I am running OpenNebula 4.12.

I have a group of users “bots” (id 102).

Bots have an ACL that allows them to USE VirtualNetworks:

13 @102 VHNI-T-DC---- * u--- *

This works for regular virtual networks, they can run vn.info!() (using the Ruby OCA) and they get the VN information. However, when doing exactly the same with VirtualNetworks of type “Reservation”, I get

[VirtualNetworkInfo] User [8] : Not authorized to perform USE NET [7].

Am I missing something or might this be a bug? I’ve searched around without luck…

If I add a specific ACL specifying the ID of the VNET (7) instead of ALL, then it works :S

Thanks in advance…

shameless bump :smile:

Hi

VNET reservations also include an implicit ACL to bypass the ALL and cluster rules. This was introduced as a security requirement. For example, to not see reservations made by other users. Changes were made here:

http://dev.opennebula.org/projects/opennebula/repository/revisions/acf5052009a045756e9b05d4331d1bc933f9fe53

I checked the docs, but could not see any references :frowning: I’ll file a ticket for this.

So in summary, this is the expected behavior.

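The behaviour described in the thread, as an added example that is not part of the original posts and not OpenNebula's code: a simplified Ruby model of ACL matching in which ALL (`*`) and cluster (`%`) targets are skipped for reservations, so only an individual `#id` rule grants USE. The hashes, constants and helper names are constructed for illustration, and ownership permissions and `@gid` targets are not modelled.

```ruby
# Simplified model of the behaviour described in the reply; not OpenNebula's code.
# Rules use the oneacl string form "<user> <resources>/<target> <rights>".
Rule = Struct.new(:subject, :types, :target, :rights)

def parse_rule(str)
  subject, resources, rights = str.split
  types, target = resources.split('/')
  Rule.new(subject, types.split('+'), target, rights.split('+'))
end

# Does the rule's subject (#uid, @gid or *) cover this user?
def subject_matches?(rule, user)
  case rule.subject
  when '*' then true
  when /\A#(\d+)\z/ then user[:id] == $1.to_i
  when /\A@(\d+)\z/ then user[:groups].include?($1.to_i)
  else false
  end
end

# Assumption taken from the reply: for a reservation the ALL (*) and
# cluster (%) targets are ignored, so only an individual #id rule counts.
def target_matches?(rule, net)
  case rule.target
  when /\A#(\d+)\z/ then net[:id] == $1.to_i
  when '*' then !net[:reservation]
  when /\A%(\d+)\z/ then !net[:reservation] && net[:cluster] == $1.to_i
  else false # @gid targets are not modelled here
  end
end

def authorized?(rules, user, net, right)
  rules.any? do |r|
    r.types.include?('NET') && r.rights.include?(right) &&
      subject_matches?(r, user) && target_matches?(r, net)
  end
end

# Constructed sample data mirroring the thread: user 8 in group 102, NET 7 is a reservation.
BOT       = { id: 8, groups: [102] }
REGULAR   = { id: 3, cluster: 100, reservation: false }
RESERVED  = { id: 7, cluster: 100, reservation: true }
GROUP_ALL = parse_rule('@102 VM+HOST+NET+IMAGE+TEMPLATE+DATASTORE+CLUSTER/* USE')
NET_SEVEN = parse_rule('@102 NET/#7 USE')

if __FILE__ == $PROGRAM_NAME
  [[REGULAR, [GROUP_ALL]], [RESERVED, [GROUP_ALL]], [RESERVED, [GROUP_ALL, NET_SEVEN]]].each do |net, rules|
    puts "NET #{net[:id]} with #{rules.size} rule(s): #{authorized?(rules, BOT, net, 'USE')}"
  end
end
```

Running a check like this over an exported rule list shows which reservations a group can actually reach, rather than assuming a `*` rule covers them.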