Description of problem: oVirt 4.2.2 adds the option for ISOs to be uploaded through the web interface. There does not appear, however, to be a way to grant a user permission that will allow end-users to upload ISOs to one or more specific Data Domains through the web interface. Granting the 'DiskCreator' role on a Data Domain to user does not allow ISO uploads, although it allows disk uploads. Granting the 'DiskCreator' System permission *does* work but that is insufficiently granular because it allows the end-user to perform those operations on *all* Data Domains. Version-Release number of selected component (if applicable): ovirt-engine 4.2.2.6-1.el7.centos How reproducible: Grant a user 'SuperUser' and 'DiskCreator' roles on a specific Data Domain, Attempt to upload an ISO to that Data Domain as that user. Steps to Reproduce: 1. Log onto Administration Panel, then go to Storage -> Domain and choose a Data Domain. 2. Under the 'Permissions' sub-menu for that Data Domain add the 'SuperUser' and 'DiskCreator' Roles for a user that does not already have Administrator-level System Permissions. 3. Log onto the Administration Panel as that user, navigate to the chosen Data Domain, go to to 'Disks' sub-menu and attempt to upload an ISO Actual results: A dialog appears: "Operation Canceled Error while executing action: User is not authorized to perform this action." Expected results: The web interface shows the transfer/upload in progress and the ISO upload attempt succeeds, whereupon the ISO is available for use (booting VMs). Additional info: A corresponding entry appears in /var/log/ovirt-engine/engine.log on the oVirt management server when an attempt at uploading an ISO is made by the user: INFO [org.ovirt.engine.core.bll.storage.disk.image.TransferImageStatusCommand] (default task-40) [<TASK ID>] No permission found for user '<USER ID>' or one of the groups he is member of, when running action 'TransferImageStatus', Required permissions are: Action type: 'USER' Action group: 'CREATE_DISK' Object type: 'System' Object ID: '<OBJECT ID>'.
This bug has not been marked as blocker for oVirt 4.3.0. Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.
This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.