Version: rhevm-3.6.3.2-0.1.el6.noarch Created a user "user" as a PowerUser on the Data Center In Power User Portal tried to create a VM from existing template (template has 1 disk). The disk profile is empty, resulting in: 2015-11-13 22:24:43,816 WARN [org.ovirt.engine.core.bll.AddVmCommand] (ajp-/127.0.0.1:8702-6) [] CanDoAction of action 'AddVm' failed for user user@internal. Reasons: VAR__ACTION__ADD,VAR__TYPE__VM,USER_NOT_AUTHORIZED_TO_ATTACH_DISK_PROFILE when tried to create the VM. In Storage/Disk Profiles the user is listed (not sure why or what it is supposed to mean, as the Administration Guide doesn't explain it). I was able to make it work by granting DiskProfileUser to DC, then it worked, though the profile (there is only one) was not shown in the dialog
worth noting I had the data domain on local storage
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
restoring flags
I added a patch that solved this bug. But, unfortunately it revealed a new bug that prevents us from creating a VM from a template with disk. virt team is working on it. The problem that Power User doesn't have the necessary permissions to create a VM from a template with disk is solved by this patch.
Isn't this a duplicate of bz1209505? If that is the case, we should be adding 'Attach Disk Profile' permission to all roles.
Verified with: rhevm-3.6.5.3-0.1.el6.noarch 2016-04-14 17:00:17,144 INFO [org.ovirt.engine.core.bll.AddVmCommand] (ajp-/127.0.0.1:8702-9) [5f76c910] Lock Acquired to object 'EngineLock:{exclusiveLocks='[vm_from_template1=<VM_NAME, ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='[e0556af5-ccea-4e0a-b4cc-5c429863622e=<TEMPLATE, ACTION_TYPE_FAILED_TEMPLATE_IS_USED_FOR_CREATE_VM$VmName vm_from_template1>, fa684148-ee6b-4407-9ee7-75e770da8d03=<DISK, ACTION_TYPE_FAILED_DISK_IS_USED_FOR_CREATE_VM$VmName vm_from_template1>]'}' 2016-04-14 17:00:19,999 INFO [org.ovirt.engine.core.bll.AddVmCommand] (ajp-/127.0.0.1:8702-9) [5f76c910] Running command: AddVmCommand internal: false. Entities affected : ID: 00000002-0002-0002-0002-00000000024a Type: VdsGroupsAction group CREATE_VM with role type USER, ID: e0556af5-ccea-4e0a-b4cc-5c429863622e Type: VmTemplateAction group CREATE_VM with role type USER, ID: 9334a0df-51f6-48fb-90eb-5c67e742b0e4 Type: StorageAction group CREATE_DISK with role type USER ... 2016-04-14 17:00:37,195 INFO [org.ovirt.engine.core.bll.AddVmCommand] (DefaultQuartzScheduler_Worker-47) [] Lock freed to object 'EngineLock:{exclusiveLocks='[vm_from_template1=<VM_NAME, ACTION_TYPE_FAILED_OBJECT_LOCKED>]', sharedLocks='[e0556af5-ccea-4e0a-b4cc-5c429863622e=<TEMPLATE, ACTION_TYPE_FAILED_TEMPLATE_IS_USED_FOR_CREATE_VM$VmName vm_from_template1>, fa684148-ee6b-4407-9ee7-75e770da8d03=<DISK, ACTION_TYPE_FAILED_DISK_IS_USED_FOR_CREATE_VM$VmName vm_from_template1>]'}' 2016-04-14 17:00:37,331 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (DefaultQuartzScheduler_Worker-47) [] Correlation ID: 5f76c910, Job ID: 8473bf5a-7933-40e1-b63f-081d4534440c, Call Stack: null, Custom Event ID: -1, Message: VM vm_from_template1 creation has been completed.
It's not a duplicate since this happens also when no storage domain is created. Power user should be able to 'create vm from existing template' and for that he/she needs permissions to 'attach disk profile'. This patch should be part of the code base.