Bug 869433
Summary: | [MLA] StorageAdmin can't attach disk. | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Ondra Machacek <omachace> |
Component: | ovirt-engine | Assignee: | Nobody's working on this, feel free to take it <nobody> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.1.0 | CC: | dyasny, iheim, lpeer, oourfali, Rhev-m-bugs, yeylon, ykaul |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-10-24 02:16:59 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ondra Machacek
2012-10-23 21:17:34 UTC
storage admin is allowed to manage storage domains, and disks. not VMs. attaching/removing disks from VMs requires more permissions. I don't see this as a bug. So the backend shouldn't return that it can:
for r in API.roles.list():
if r.get_name() == 'StorageAdmin':
print 'attach_disk' in [p.get_name() for p in r.get_permits().list()]
>>> True
(In reply to comment #2) > So the backend shouldn't return that it can: > > for r in API.roles.list(): > if r.get_name() == 'StorageAdmin': > print 'attach_disk' in [p.get_name() for p in r.get_permits().list()] > > >>> True That's true as well. You need two permissions in order to attach a disk to a VM: 1. Permissions on the disk, that allows you to attach it - "ATTACH_DISK" on the disk. 2. Permissions on the VM, that allows you to configure storage for it - "CONFIGURE_VM_STORAGE". |