Description of problem: LDAP users or groups with the Power User and Super User permissions are unable to migrate storage. Only admin@internal is able to live migrate disks. Version-Release number of selected component (if applicable): 3.3 How reproducible: 100% Steps to Reproduce: 1.Enable external authentication 2.Give specific users or groups the Super User and or Power user role over the data center 3. Attempt to live migrate storage to another storage domain Actual results: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION Expected results: Disk should migrate to other storage domain Additional info:
PowerUser shouldn't be able to do that. However, SuperUser on the DC should, assuming that you move the disks to a storage domain in the same DC (iiuc you can't really do that to a different DC).
(In reply to Oved Ourfali from comment #1) > PowerUser shouldn't be able to do that. > However, SuperUser on the DC should, assuming that you move the disks to a > storage domain in the same DC (iiuc you can't really do that to a different > DC). Yes I'm moving disks between storage domains on the same DC. And like I said in the problem description the admin@internal user has no problems doing so
Daniel, please take a look?
Hi Maurice, - Can you please attach the relevant engine logs? - For live migration, a disk should have "Edit Storage" action group (Under: Role -> Disk -> Provisioning Operations). Hence, 'SuperUser' should have sufficient permissions whereas PowerUser shouldn't.
(In reply to Daniel Erez from comment #4) > - For live migration, a disk should have "Edit Storage" action group (Under: > Role -> Disk -> Provisioning Operations). Hence, 'SuperUser' should have > sufficient permissions whereas PowerUser shouldn't. Daniel, AFAIK, these are the same permissions a cold move operation requires. If a Power User can't move a disk, this seems like a bug. What am I missing?
(In reply to Allon Mureinik from comment #5) > (In reply to Daniel Erez from comment #4) > > - For live migration, a disk should have "Edit Storage" action group (Under: > > Role -> Disk -> Provisioning Operations). Hence, 'SuperUser' should have > > sufficient permissions whereas PowerUser shouldn't. > > Daniel, AFAIK, these are the same permissions a cold move operation > requires. If a Power User can't move a disk, this seems like a bug. > What am I missing? We're currently not exposing the 'Move' button in the user portal at all, hence it wasn't needed to add these permissions to a PowerUser.
This is an automated message oVirt 3.4.1 has been released: * should fix your issue * should be available at your local mirror within two days. If problems still persist, please make note of it in this bug report.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days