The permission of snapshots can be configured through the custom roles:
VM -> Provisioning Operations -> Edit Snapshots
I've added a new, predefined Role, called VM run time manager, which includes the permissions of UserVmManager only without the vm snapshot manipulation.
The permission that should be used for live storage snapshot is DISK_LIVE_STORAGE_MIGRATION.
This permission should be added to the permission DISK_STORAGE_MANIPULATION for the complete operation to work properly.
Maor, can you please list all The new roles and their explicit permissions.
right now I know only about the DISK_LIVE_STORAGE_MIGRATION permission, is there any other new ones?
(In reply to Ori Gofen from comment #16)
> Maor, can you please list all The new roles and their explicit permissions.
> right now I know only about the DISK_LIVE_STORAGE_MIGRATION permission, is
> there any other new ones?
The new DISK_LIVE_STORAGE_MIGRATION permission enable RHEVM admin to prevent this action from a certain user.
I am verifying this one according to doc text.
please be advised: per comment #17 there are no new Snapshot operation permissions that had been added with this RFE
Thanks for the doctext, Andrew!
However, I think there's some confusion here. DISK_STORAGE_MANIPULATION and DISK_LIVE_STORAGE_MIGRATION are different permissions.
Prior to this fix, DISK_STORAGE_MANIPULATION also allowed users to perform live storage migration. With this fix, a new permission, DISK_LIVE_STORAGE_MIGRATION was introduced to allow performing live storage migration, and DISK_STORAGE_MANIPULATION no longer allows to perform this operation. When upgrading to a version that includes this fix (3.6.0, or the z-stream clone on 3.5.1), this new permission is granted to all the roles that had the old DISK_STORAGE_MANIPULATION (Data Center Admin, Storage Admin, Cluster Admin, or any custom role the user may have created), so that the functionality of the system isn't impacted. This allows the admin to later create roles (or edit his pre-existing custom roles) to give some user the capability of doing some administrive operations excluding live storage migration.
Thank you for the excellent feedback!
Doctext updated as per your suggestion.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.