| Summary: | RFE: Power user should be able to create snapshots in userportal | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Petr Matyáš <pmatyas> | ||||
| Component: | BLL.Virt | Assignee: | Michal Skrivanek <michal.skrivanek> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | meital avital <mavital> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 4.0.5 | CC: | bugs, gshereme, mperina, pmatyas, rbarry, tjelinek | ||||
| Target Milestone: | --- | Keywords: | FutureFeature | ||||
| Target Release: | --- | Flags: | rule-engine:
planning_ack?
rule-engine: devel_ack? rule-engine: testing_ack? |
||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-02-05 11:26:40 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | UX | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
That is because the MANIPULATE_VM_SNAPSHOTS is not part of the Power User Role. I don't think it ever was. @Petr: from documentation it is not really clear what it should do. If you still think MANIPULATE_VM_SNAPSHOTS should be part of Power User Role, please change this BZ to be an RFE. Implemented in oVirt 4.3.0 |
Created attachment 1219458 [details] engine log Description of problem: I have a user that has power user persmissions to whole system and he is unable to perform any operations with snapshots on any VM. Version-Release number of selected component (if applicable): 4.0.5-6 How reproducible: always Steps to Reproduce: 1. create a user with power user permission to system 2. log in with this user to userportal - extended tab 3. try to create/preview/delete a snapshot Actual results: insufficient permissions Expected results: can perform any action with snapshots on VMs the user has rights to Additional info: 2016-11-10 15:11:13,227 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (org.ovirt.thread.pool-6-thread-30) [318a2699] Correlation ID: 318a2699, Call Stack: null, Custom Event ID: -1, Message: User/Group tester, Namespace *, Authorization provider: internal-authz was granted permission for Role PowerUserRole on VM asdfjklhasef, by admin@internal-authz. 2016-11-10 15:11:23,749 INFO [org.ovirt.engine.core.bll.snapshots.CreateAllSnapshotsFromVmCommand] (default task-11) [21d4b138] No permission found for user '136de501-3f2c-490e-8 24c-1844011fa1eb' or one of the groups he is member of, when running action 'CreateAllSnapshotsFromVm', Required permissions are: Action type: 'USER' Action group: 'MANIPULATE_VM_ SNAPSHOTS' Object type: 'VM' Object ID: '640f453b-3388-47a7-8e60-904a1bb62e17'. 2016-11-10 15:11:23,749 WARN [org.ovirt.engine.core.bll.snapshots.CreateAllSnapshotsFromVmCommand] (default task-11) [21d4b138] Validation of action 'CreateAllSnapshotsFromVm' fa iled for user tester@internal-authz. Reasons: VAR__ACTION__CREATE,VAR__TYPE__SNAPSHOT,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION