Bug 1564509 - Unable to grant user permissions to upload ISOs through the web interface
Summary: Unable to grant user permissions to upload ISOs through the web interface
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Frontend.WebAdmin
Version: 4.2.2
Hardware: All
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-4.4.0
: ---
Assignee: Fedor Gavrilov
QA Contact: Pavel Novotny
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-06 13:18 UTC by doc-help
Modified: 2020-05-20 20:02 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-20 20:02:03 UTC
oVirt Team: Storage
Embargoed:
pm-rhel: ovirt-4.4+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 104565 0 master MERGED core: allow users to upload ISOs through the web interface 2020-09-15 17:44:35 UTC

Description doc-help 2018-04-06 13:18:43 UTC 
Description of problem:

oVirt 4.2.2 adds the option for ISOs to be uploaded through the
web interface.  There does not appear, however, to be a way to
grant a user permission that will allow end-users to upload ISOs
to one or more specific Data Domains through the web interface.

Granting the 'DiskCreator' role on a Data Domain to user does not
allow ISO uploads, although it allows disk uploads.  Granting
the 'DiskCreator' System permission *does* work but that is
insufficiently granular because it allows the end-user to perform
those operations on *all* Data Domains.

Version-Release number of selected component (if applicable):
ovirt-engine 4.2.2.6-1.el7.centos 

How reproducible:

Grant a user 'SuperUser' and 'DiskCreator' roles on a specific Data Domain,
Attempt to upload an ISO to that Data Domain as that user.

Steps to Reproduce:
1. Log onto Administration Panel, then go to Storage -> Domain and choose a Data Domain.
2. Under the 'Permissions' sub-menu for that Data Domain add the 'SuperUser' and 'DiskCreator' Roles for a user that does not already have Administrator-level
System Permissions.
3. Log onto the Administration Panel as that user, navigate to the chosen Data
Domain, go to to 'Disks' sub-menu and attempt to upload an ISO

Actual results:
A dialog appears:

"Operation Canceled
Error while executing action: User is not authorized to perform this action."


Expected results:
The web interface shows the transfer/upload in progress and the ISO upload attempt succeeds, whereupon the ISO is available for use (booting VMs).

Additional info:

A corresponding entry appears in /var/log/ovirt-engine/engine.log
on the oVirt management server when an attempt at uploading an ISO
is made by the user:

INFO
[org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand]
(default task-40) [<TASK ID>] No permission found for user '<USER ID>' or one of the groups he is member of, when running action 'TransferImageStatus',
Required permissions are: Action type: 'USER' Action group:
'CREATE_DISK' Object type: 'System'  Object ID: '<OBJECT ID>'.
Comment 1 Sandro Bonazzola 2019-01-28 09:41:17 UTC 
This bug has not been marked as blocker for oVirt 4.3.0.
Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.
Comment 5 Sandro Bonazzola 2020-05-20 20:02:03 UTC 
This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020.

Since the problem described in this bug report should be
resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.