Previously, users without VM -> Provisioning Operations -> Create permission were unable to live migrate virtual machines. This has now been fixed and such permission is no longer needed.
DescriptionJulio Entrena Perez
2015-08-10 08:54:51 UTC
Description of problem:
After upgrading RHEV-M from 3.4.5 to 3.5.3, users with a role that does not have VM -> Provisioning Operations -> Create permit can no longer live migrate already existing VMs.
Version-Release number of selected component (if applicable):
rhevm-backend-3.5.3.1-1.4.el6ev
How reproducible:
Always
Steps to Reproduce:
1. Copy the "SuperUser" administration role into a new role.
2. Edit "Copy_of_SuperUser" role and uncheck action VM --> Provisoning Operations --> Create .
3. Assign "Copy_of_SuperUser" role to a user in a directory.
4. Log in as such user and try to live migrate a VM.
Actual results:
Operation Canceled
Error while executing action:
<vm_name>:
User is not authorized to perform this action.
Also the following is logged to engine.log:
2015-08-07 13:44:20,071 INFO [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] No permission found for user f745277a-6867-4808-b35a-3b42155cd974 or one of the groups he is member of, when running action MigrateVm, Required permissions are: Action type: USER Action group: CREATE_VM Object type: Cluster Object ID: 5b6123ac-d289-4679-bb70-9f12501dc183.
2015-08-07 13:44:20,071 WARN [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] CanDoAction of action MigrateVm failed for user user1.redhat.com. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
Expected results:
User can live migrate VMs as it was possible in RHEV-M 3.4.
Additional info:
This is a regression versus 3.4 behaviour.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHEA-2016-0376.html
Description of problem: After upgrading RHEV-M from 3.4.5 to 3.5.3, users with a role that does not have VM -> Provisioning Operations -> Create permit can no longer live migrate already existing VMs. Version-Release number of selected component (if applicable): rhevm-backend-3.5.3.1-1.4.el6ev How reproducible: Always Steps to Reproduce: 1. Copy the "SuperUser" administration role into a new role. 2. Edit "Copy_of_SuperUser" role and uncheck action VM --> Provisoning Operations --> Create . 3. Assign "Copy_of_SuperUser" role to a user in a directory. 4. Log in as such user and try to live migrate a VM. Actual results: Operation Canceled Error while executing action: <vm_name>: User is not authorized to perform this action. Also the following is logged to engine.log: 2015-08-07 13:44:20,071 INFO [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] No permission found for user f745277a-6867-4808-b35a-3b42155cd974 or one of the groups he is member of, when running action MigrateVm, Required permissions are: Action type: USER Action group: CREATE_VM Object type: Cluster Object ID: 5b6123ac-d289-4679-bb70-9f12501dc183. 2015-08-07 13:44:20,071 WARN [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] CanDoAction of action MigrateVm failed for user user1.redhat.com. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION Expected results: User can live migrate VMs as it was possible in RHEV-M 3.4. Additional info: This is a regression versus 3.4 behaviour.