Description of problem:
Today, when creating an external disk, backend requires CREATE_DISK permissions on storage domain with empty guid --> which maps to the blank template.
The correct requirement should be a CREATE_DISK permissions on the System object (like for creating new storage domains).
How reproducible:
Always
Steps to Reproduce:
1. Give user XXX DCAdmin on some DC.
2. Try creating an external disk --> fails the permissions check
3. Give user XXX DiskCreator permissions on the blank template
4. Try creating an external disk --> Succeeds
Actual results:
"2" fails and "4" succeeds.
Expected results:
Both "2" and "4" should fail.
One should have CREATE_DISK on the system object in order to create an external disk.
So once you give XXX StorageAdmin permissions on the system level, you'll be able to create an external disk.