Bug 1251893 - VM --> Provisoning Operations --> Create permit required for live migrations in 3.5
Summary: VM --> Provisoning Operations --> Create permit required for live migrations ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.5.3
Hardware: All
OS: Linux
high
high
Target Milestone: ovirt-3.6.0-rc
: 3.6.0
Assignee: Tomas Jelinek
QA Contact: Ondra Machacek
URL:
Whiteboard:
: 1271488 (view as bug list)
Depends On:
Blocks: 1255061
TreeView+ depends on / blocked
 
Reported: 2015-08-10 08:54 UTC by Julio Entrena Perez
Modified: 2019-09-12 08:48 UTC (History)
13 users (show)

Fixed In Version: 3.6.0-10
Doc Type: Bug Fix
Doc Text:
Previously, users without VM -> Provisioning Operations -> Create permission were unable to live migrate virtual machines. This has now been fixed and such permission is no longer needed.
Clone Of:
: 1255061 (view as bug list)
Environment:
Last Closed: 2016-03-09 21:11:19 UTC
oVirt Team: Virt
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 1568833 0 None None None Never
Red Hat Product Errata RHEA-2016:0376 0 normal SHIPPED_LIVE Red Hat Enterprise Virtualization Manager 3.6.0 2016-03-10 01:20:52 UTC
oVirt gerrit 44791 0 master MERGED core: added permissions needed to change cluster only when changing the cluster Never
oVirt gerrit 44793 0 ovirt-engine-3.6 MERGED core: added permissions needed to change cluster only when changing the cluster Never
oVirt gerrit 44847 0 ovirt-engine-3.5 MERGED core: added permissions needed to change cluster only when changing the cluster Never

Description Julio Entrena Perez 2015-08-10 08:54:51 UTC 
Description of problem:
After upgrading RHEV-M from 3.4.5 to 3.5.3, users with a role that does not have VM -> Provisioning Operations -> Create permit can no longer live migrate already existing VMs.

Version-Release number of selected component (if applicable):
rhevm-backend-3.5.3.1-1.4.el6ev

How reproducible:
Always

Steps to Reproduce:
1. Copy the "SuperUser" administration role into a new role.
2. Edit "Copy_of_SuperUser" role and uncheck action VM --> Provisoning Operations --> Create .
3. Assign "Copy_of_SuperUser" role to a user in a directory.
4. Log in as such user and try to live migrate a VM.

Actual results:

Operation Canceled
Error while executing action:

<vm_name>:

    User is not authorized to perform this action.

Also the following is logged to engine.log:

2015-08-07 13:44:20,071 INFO  [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] No permission found for user f745277a-6867-4808-b35a-3b42155cd974 or one of the groups he is member of, when running action MigrateVm, Required permissions are: Action type: USER Action group: CREATE_VM Object type: Cluster  Object ID: 5b6123ac-d289-4679-bb70-9f12501dc183.
2015-08-07 13:44:20,071 WARN  [org.ovirt.engine.core.bll.MigrateVmCommand] (ajp-/127.0.0.1:8702-4) [55cbcec9] CanDoAction of action MigrateVm failed for user user1.redhat.com. Reasons: VAR__ACTION__MIGRATE,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION


Expected results:
User can live migrate VMs as it was possible in RHEV-M 3.4.

Additional info:
This is a regression versus 3.4 behaviour.
Comment 3 Ondra Machacek 2015-09-09 12:43:07 UTC 
I am able to migrate vm with user wihtout : VM -> Provisioning Operations -> 
Create permision. 


3.6.0-0.13.master.el6
Comment 4 Omer Frenkel 2015-10-15 10:55:29 UTC 
*** Bug 1271488 has been marked as a duplicate of this bug. ***
Comment 6 errata-xmlrpc 2016-03-09 21:11:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0376.html
Note You need to log in before you can comment on or make changes to this bug.