Virtual networks view from group admin

Hi everyone, i would like to know which one is the proper view for the virtual networks.

I created a new group with an admin user and changed the ownership and membership of 2 virtual networks to this group, now when looking at the virtual networks i see the below:

image

virtual network id 16 and virtual network id 13 (same group) are the ones of which the currently logged in user is the owner but the other ones are owned by oneadmin.

Questions:

1-can the virtual network name be shown?
2-why do the virtual networks of groups that the currently logged in user is not a member of displayed in the virtual networks screen?

Thanks in advance

Ok so this seems to happen only with the groupadmin view as the same user (the group administrator) and also normal users (in the same group) with the cloud view can see the virtual network name shown correctly when creating a new VM

image

so the answer to question 1 is a view setting as since it can be viewed in the cloud view the same setting can be enabled in the groupadmin view too.

Regarding question 2 though I would like to know the feedback of someone please…

Thanks in advance

Hi @luke.camilleri,

In the group administrator view, there is a small error that is already resolved (vnet names).

Regarding the second question, it is most likely a problem of permissions, check the permissions of your resources, and the groups that belong to your new user.

If the user is in a group other than oneadmin and is not an owner, he should not be able to see the vnets.

Regards.

Hi @AbelC and thanks for your feedback. So the first issue is resolved in a later version (can you tell me which version please?)

Regarding the second question of the group admin being able to view all the virtual networks, I have not made any changes whatsoever to the views so this should be something by default. What is supposed to be shown when adding a virtual network at the vm creation screen?

The user is in another group which is not oneadmin and is the owner of just 2 networks (ID 13 and ID 16)

network ID’s 13 and 16 have the below permissions setup for the virtual network resource and the owner is the groupadmin mentioned above.

image

while network ID 14 has the “Other” given the permission to use since that is a public network and I use it to access the VM’s.

I believe that there are some permissions which are not quite right by default

OpeNebula 5.4.6

In the latest version (5.4.9) the bug is fixed.

Regarding the other topic, I think it’s because of the VDCs. Do you have any VDC other than the default one?

If you do not have another VDC defined, by default the new groups will belong to it. The default VDC gives permissions to see all the resources of all the clusters.

When you assign a group to a VDC, the corresponding ACLs are automatically created.

Check the ACLs.

Regards.

Hi @AbelC thanks for your time assisting me on this and sorry for my late reply. I have made the tests regarding the VDC and ACL’s as you suggested and even though I do not think that was actually my problem I believe that you were actually pointing me in the right direction.

I started to create a number of test VDC and one of them actually worked as expected…by accident :-). It all boils down that for every VDC I was creating I was adding the cluster with ID 100 (below)

When I actually remove the cluster from the resources assigned to the new VDC the networks that the user is owner of or has permissions to use via the “groups” or “other” are visible in the Virtual Networks view

Virtual Networks screen:

image

The names are not visible since I have not updated to 5.4.9 as requested for the time being and will do so in the future.

Thanks once again @AbelC