We often come across situations where a user wants to share a VM with another user, i.e. give another user manage-rights on a particular VM. We did not find any other trick to cover this other than creating a group containing the two users and assigning the VM to that group. However, this is impractical since groups have to be created by an admin and it leads to an unnecessary large number of groups. And if a VM should be shared among three users, things get even worse
Of course, we could create ACL entries for these VMs, but this would also involve the admin to create every entry. The user cannot do that alone.
Conceptually, this reminds me of the classic unix file permission problem where you also have to create groups to share a file with a particular user. The solution in this case were file based ACLs. So what we would like to have in OpenNebula is something like VM based ACLs that can be set by a VM’s owner. Is something like this possible?