| Summary: | ClusterAdmin is unable to add network interface to template | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Lukas Svaty <lsvaty> |
| Component: | Backend.Core | Assignee: | Nobody <nobody> |
| Status: | CLOSED NOTABUG | QA Contact: | meital avital <mavital> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.0.2.7 | CC: | bugs, danken, lsvaty, tjelinek |
| Target Milestone: | --- | Keywords: | Regression |
| Target Release: | --- | Flags: | rule-engine:
planning_ack?
rule-engine: devel_ack? rule-engine: testing_ack? |
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-08-24 08:21:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Network | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Could you please provide the engine logs? They should contain a message about the particular permission needed. 2016-08-24 07:23:52,032 INFO [org.ovirt.engine.core.bll.network.template.AddVmTemplateInterfaceCommand] (default task-14) [5ed10d4e] No permission found for user 'c4f22c4e-c66a-4fe3-9992-3a5797d4aa5d' or one of the groups he is member of, when running action 'AddVmTemplateInterface', Required permissions are: Action type: 'USER' Action group: 'CONFIGURE_TEMPLATE_NETWORK' Object type: 'Template' Object ID: '53ef39b0-be45-495b-9b76-7d8f598f476f'. 2016-08-24 07:23:52,033 WARN [org.ovirt.engine.core.bll.network.template.AddVmTemplateInterfaceCommand] (default task-14) [5ed10d4e] Validation of action 'AddVmTemplateInterface' failed for user user1@internal-authz. Reasons: VAR__TYPE__INTERFACE,VAR__ACTION__ADD,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION OK, it seems the ClusterAdmin has the CONFIGURE_VM_NETWORK (e.g. Assign vNIC Profile to VM) but is missing the CONFIGURE_TEMPLATE_NETWORK (e.g. Assign vNIC Profile to Template) Moving to network for further investigation. Templates sit in the DC and shared among all clusters. A cluster admin should not modify a DC entity. |
Description of problem: User with clusterAdmin permissions on DC are not able to add nic to template Version-Release number of selected component (if applicable): ovirt-engine-4.0.2.7-0.1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. to dc add user with ClusterAdmin permissions 2. login as user 3. try to add nic to template within mentioned dc Actual results: Error while executing action: template: User is not authorized to perform this action. Expected results: Success