Bug 1564509

Summary: Unable to grant user permissions to upload ISOs through the web interface
Product: [oVirt] ovirt-engine Reporter: doc-help
Component: Frontend.WebAdminAssignee: Fedor Gavrilov <fgavrilo>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Novotny <pnovotny>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.2.2CC: baumanmo, bugs, lleistne, tnisan
Target Milestone: ovirt-4.4.0Flags: pm-rhel: ovirt-4.4+
Target Release: ---   
Hardware: All   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-20 20:02:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description doc-help 2018-04-06 13:18:43 UTC 
Description of problem:

oVirt 4.2.2 adds the option for ISOs to be uploaded through the
web interface.  There does not appear, however, to be a way to
grant a user permission that will allow end-users to upload ISOs
to one or more specific Data Domains through the web interface.

Granting the 'DiskCreator' role on a Data Domain to user does not
allow ISO uploads, although it allows disk uploads.  Granting
the 'DiskCreator' System permission *does* work but that is
insufficiently granular because it allows the end-user to perform
those operations on *all* Data Domains.

Version-Release number of selected component (if applicable):
ovirt-engine 4.2.2.6-1.el7.centos 

How reproducible:

Grant a user 'SuperUser' and 'DiskCreator' roles on a specific Data Domain,
Attempt to upload an ISO to that Data Domain as that user.

Steps to Reproduce:
1. Log onto Administration Panel, then go to Storage -> Domain and choose a Data Domain.
2. Under the 'Permissions' sub-menu for that Data Domain add the 'SuperUser' and 'DiskCreator' Roles for a user that does not already have Administrator-level
System Permissions.
3. Log onto the Administration Panel as that user, navigate to the chosen Data
Domain, go to to 'Disks' sub-menu and attempt to upload an ISO

Actual results:
A dialog appears:

"Operation Canceled
Error while executing action: User is not authorized to perform this action."


Expected results:
The web interface shows the transfer/upload in progress and the ISO upload attempt succeeds, whereupon the ISO is available for use (booting VMs).

Additional info:

A corresponding entry appears in /var/log/ovirt-engine/engine.log
on the oVirt management server when an attempt at uploading an ISO
is made by the user:

INFO
[org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand]
(default task-40) [<TASK ID>] No permission found for user '<USER ID>' or one of the groups he is member of, when running action 'TransferImageStatus',
Required permissions are: Action type: 'USER' Action group:
'CREATE_DISK' Object type: 'System'  Object ID: '<OBJECT ID>'.
Comment 1 Sandro Bonazzola 2019-01-28 09:41:17 UTC 
This bug has not been marked as blocker for oVirt 4.3.0.
Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.
Comment 5 Sandro Bonazzola 2020-05-20 20:02:03 UTC 
This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020.

Since the problem described in this bug report should be
resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.