Bug 857873

Summary: [webadmin] Unable to create/edit vmpools in webadmin with user who has VmPoolAdmin role
Product: Red Hat Enterprise Virtualization Manager Reporter: Ondra Machacek <omachace>
Component: ovirt-engine-webadmin-portalAssignee: Oved Ourfali <oourfali>
Status: CLOSED CURRENTRELEASE QA Contact: Ondra Machacek <omachace>
Severity: high Docs Contact:
Priority: high    
Version: 3.1.0CC: acathrow, dyasny, ecohen, iheim, mkenneth, Rhev-m-bugs, sgrinber, ykaul, yzaslavs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: virt
Fixed In Version: si19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondra Machacek 2012-09-17 10:38:50 UTC 
Description of problem:
VmPoolAdmin role cant create/edit vmpools in webadmin.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. Login as admin to webadmin.
2. Add some user to webadmin.
3. To this user add VmPoolAdmin permissions on DC.
4. Log as user to webadmin.
5. Try to create/edit some vmpool.
  
Actual results:
Unable to create/edit vmpool.

Expected results:
Shoud create/edit vmpool.

Additional info:
Comment 1 Itamar Heim 2012-09-17 15:08:12 UTC 
oved - is vmpooladmin to manage a pool or create one?
Comment 2 Oved Ourfali 2012-09-19 06:26:53 UTC 
(In reply to comment #1)
> oved - is vmpooladmin to manage a pool or create one?

It should be able to do every pool-related operation (Creation, editing and deletion).
Comment 3 Oved Ourfali 2012-09-19 06:28:35 UTC 
(In reply to comment #0)
> Description of problem:
> VmPoolAdmin role cant create/edit vmpools in webadmin.
> 
> Version-Release number of selected component (if applicable):
> 
> 
> How reproducible:
> always
> 
> Steps to Reproduce:
> 1. Login as admin to webadmin.
> 2. Add some user to webadmin.
> 3. To this user add VmPoolAdmin permissions on DC.
> 4. Log as user to webadmin.
> 5. Try to create/edit some vmpool.
>   
> Actual results:
> Unable to create/edit vmpool.
> 
> Expected results:
> Shoud create/edit vmpool.
> 
> Additional info:

I'll try to reproduce.
Next time, please also attach the logs, or at least what was the failure.

Thank you.
Comment 4 Oved Ourfali 2012-09-19 07:11:02 UTC 
Okay.
Looks like the issue there is that you also need CREATE_VM permissions on the DC in order to add/edit a VM pool.

So we have a few options here:
1. Say it makes sense, and leave it as is.
2. Add CREATE_VM action group to VmPoolAdmin.
3. Remove the requirement - will be more complex (not impossible, but it may have an effect on other flows as well).
Comment 5 Simon Grinberg 2012-09-23 12:33:31 UTC 
(In reply to comment #4)
> Okay.
> Looks like the issue there is that you also need CREATE_VM permissions on
> the DC in order to add/edit a VM pool.
> 
> So we have a few options here:
> 1. Say it makes sense, and leave it as is.
> 2. Add CREATE_VM action group to VmPoolAdmin.

Need to make it as simple as possible for the user.
VM Pool admin is the equivalent of a Single VM admin. So this is the preferred option. PMPoolAdmin should have the privileges to create VMs
Comment 6 Oved Ourfali 2012-09-23 13:26:48 UTC 
Commit: a183c3f2562db31ef7896204e749d25ec1f09158

http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=a183c3f2562db31ef7896204e749d25ec1f09158