Bug 1251893 - VM --> Provisoning Operations --> Create permit required for live migrations in 3.5
VM --> Provisoning Operations --> Create permit required for live migrations ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.5.3
All Linux
high Severity high
: ovirt-3.6.0-rc
: 3.6.0
Assigned To: Tomas Jelinek
Ondra Machacek
: Regression, ZStream
: 1271488 (view as bug list)
Depends On:
Blocks: 1255061
  Show dependency treegraph
 
Reported: 2015-08-10 04:54 EDT by Julio Entrena Perez
Modified: 2016-03-09 16:11 EST (History)
13 users (show)

See Also:
Fixed In Version: 3.6.0-10
Doc Type: Bug Fix
Doc Text:
Previously, users without VM -> Provisioning Operations -> Create permission were unable to live migrate virtual machines. This has now been fixed and such permission is no longer needed.
Story Points: ---
Clone Of:
: 1255061 (view as bug list)
Environment:
Last Closed: 2016-03-09 16:11:19 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Virt
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1568833 None None None Never
oVirt gerrit 44791 master MERGED core: added permissions needed to change cluster only when changing the cluster Never
oVirt gerrit 44793 ovirt-engine-3.6 MERGED core: added permissions needed to change cluster only when changing the cluster Never
oVirt gerrit 44847 ovirt-engine-3.5 MERGED core: added permissions needed to change cluster only when changing the cluster Never

  None (edit)
Description Julio Entrena Perez 2015-08-10 04:54:51 EDT
Description of problem:
After upgrading RHEV-M from 3.4.5 to 3.5.3, users with a role that does not have VM -> Provisioning Operations -> Create permit can no longer live migrate already existing VMs.

Version-Release number of selected component (if applicable):
rhevm-backend-3.5.3.1-1.4.el6ev

How reproducible:
Always

Steps to Reproduce:
1. Copy the "SuperUser" administration role into a new role.
2. Edit "Copy_of_SuperUser" role and uncheck action VM --> Provisoning Operations --> Create .
3. Assign "Copy_of_SuperUser" role to a user in a directory.
4. Log in as such user and try to live migrate a VM.

Actual results:

Operation Canceled
Error while executing action:

<vm_name>:

    User is not authorized to perform this action.

Also the following is logged to engine.log:

2015-08-07 13:44:20,071 INFO  [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] No permission found for user f745277a-6867-4808-b35a-3b42155cd974 or one of the groups he is member of, when running action MigrateVm, Required permissions are: Action type: USER Action group: CREATE_VM Object type: Cluster  Object ID: 5b6123ac-d289-4679-bb70-9f12501dc183.
2015-08-07 13:44:20,071 WARN  [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] CanDoAction of action MigrateVm failed for user user1@jentrena.usersys.redhat.com. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION


Expected results:
User can live migrate VMs as it was possible in RHEV-M 3.4.

Additional info:
This is a regression versus 3.4 behaviour.
Comment 3 Ondra Machacek 2015-09-09 08:43:07 EDT
I am able to migrate vm with user wihtout : VM -> Provisioning Operations -> 
Create permision. 


3.6.0-0.13.master.el6
Comment 4 Omer Frenkel 2015-10-15 06:55:29 EDT
*** Bug 1271488 has been marked as a duplicate of this bug. ***
Comment 6 errata-xmlrpc 2016-03-09 16:11:19 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0376.html

Note You need to log in before you can comment on or make changes to this bug.