Description of problem:
User cannot create VMs with "ACTION_TYPE_NO_PERMISSION_TO_ASSIGN_CPU_PROFILE,$cpuProfileId,$cpuProfileName"
User who belongs to an IPA group with SuperUser role, set in Clusters -> CPU Profile, does not inherit CpuProfileCreator rights and we need to specify user manually. Adding the "CpuProfileCreator" role for the IPA group doesn't make any difference.
Initially, thought this was related to BZ 1143869 but does not seem to be the same, customer upgraded to 3.6.7 and same error happens.
Version-Release number of selected component (if applicable):
RHEV-M 3.6.7 (rhevm-3.6.7.5-0.1.el6.noarch)
How reproducible:
100% in customer's environment
Steps to Reproduce:
1. Add an IPA group with SuperUser role into the right frame in Clusters -> choose cluster -> cpu profiles subtab -> cpu profile
2. Try to create a VM, in this case, from a Template, with a user who belongs to that IPA group
Actual results:
Will fail with following message in engine.log
2016-07-14 21:30:07,935 WARN [org.ovirt.engine.core.bll.AddVmFromTemplateCommand] (ajp-/127.0.0.1:8702-7) [] CanDoAction of action 'AddVmFromTemplate' failed for user <user>@<domain>. Reasons: VAR__ACTION__ADD,VAR__TYPE__VM,ACTION_TYPE_NO_PERMISSION_TO_ASSIGN_CPU_PROFILE,$cpuProfileId 40868150-e4b1-49db-8b42-535ef3da8480,$cpuProfileName <CL-NAME>
Expected results:
It should let user from IPA group, with SuperUser role, to create VMs.
User who belongs to a SuperUser IPA group role, should not need specific 'CpuProfileCreator' permissions since it should inherit them from SuperUser role from the IPA group.
Additional info:
As a workaround, add the user, not the group, with role "CpuProfileCreator" in Clusters -> CPU Profile.