Description of problem:
After upgrading RHEV-M from 3.4.5 to 3.5.3, users with a role that does not have VM -> Provisioning Operations -> Create permit can no longer live migrate already existing VMs.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Copy the "SuperUser" administration role into a new role.
2. Edit "Copy_of_SuperUser" role and uncheck action VM --> Provisoning Operations --> Create .
3. Assign "Copy_of_SuperUser" role to a user in a directory.
4. Log in as such user and try to live migrate a VM.
Error while executing action:
User is not authorized to perform this action.
Also the following is logged to engine.log:
2015-08-07 13:44:20,071 INFO [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] No permission found for user f745277a-6867-4808-b35a-3b42155cd974 or one of the groups he is member of, when running action MigrateVm, Required permissions are: Action type: USER Action group: CREATE_VM Object type: Cluster Object ID: 5b6123ac-d289-4679-bb70-9f12501dc183.
2015-08-07 13:44:20,071 WARN [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] CanDoAction of action MigrateVm failed for user firstname.lastname@example.org. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
User can live migrate VMs as it was possible in RHEV-M 3.4.
This is a regression versus 3.4 behaviour.
I am able to migrate vm with user wihtout : VM -> Provisioning Operations ->
*** Bug 1271488 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.