seems I need to have VMPoolAdmin on a cluster to be able to create a pool. That is fine. But the requirement to have the same on a template seems wrong. IMHO I should be able to use any template I have access to (e.g. PowerUser should be enough). Currently even TemplateOwner doesn't work. I'd suggest to drop extra checks on template.
When adding regular VM today, we check the user has CREATE_VM action group both on the cluster, and on the Template. I guess the reason for doing this validation on the template is to prevent administrators from creating a VM from any template, as they can see all templates. Not sure this check is really needed... Now, the same check is done when adding a VM pool, but with the CREATE_VM_POOL action group. I suggest that we either remove this permission requirement from both commands, or test for CREATE_VM on the template in the VM Pool use-case, rather than testing for CREATE_VM_POOL on it. That way, having a VmPoolAdmin on the cluster should be enough for creating a VM pool on it (need to be tested, of course, but it looks like it should work). Thoughts?
i agree with requiring CREATE_VM for template also when creating pool, this is what i had in mind as well
Setting target release to current version for consideration and review. please do not push non-RFE bugs to an undefined target release to make sure bugs are reviewed for relevancy, fix, closure, etc.
This is an automated message. Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.
merged u/s as e88336ef6b70a34e517d6d1886e4fc2484fbcc0b
This is an automated message oVirt 3.4.1 has been released: * should fix your issue * should be available at your local mirror within two days. If problems still persist, please make note of it in this bug report.