Description of problem: Calling storagedomains?follow=storage_domains with non admin users shows error 'insufficient permissions' in engine log and returns not all informations. Version-Release number of selected component (if applicable): ovirt-engine-restapi-4.3.0-0.0.master.20181016132820.gite60d148.el7.noarch How reproducible: always Steps to Reproduce: 1. call as nonadmin user with VmCreator role curl -k -u test@internal:passw -H "Prefer: persistent-auth" https://engine/ovirt-engine/api/datacenters?follow=storage_domains Actual results: storage element contains only: <storage> <type>nfs</type> </storage> error 3x in engine log 2018-10-19 15:36:02,485+02 ERROR [org.ovirt.engine.core.bll.storage.domain.GetStorageDomainListByIdQuery] (default task-29) [2873abfe-5332-48a6-a309-f46596df59da] Query execution failed due to insufficient permissions. Expected results: storage with all information and no error
It's because GetStorageDomainListByIdQuery is not user query.
(In reply to Ondra Machacek from comment #1) > It's because GetStorageDomainListByIdQuery is not user query. Exactly, why is this query needed for an unprivileged user?
VM portal calls that query when it checks available data storage domains for creating new disks. For VM portal are used only id, name and type of the storage_domain, so it's not necessary to return all values in <storage> element. But it shouldn't show error in engine.log
The Error message in the log removed. after adding GetStorageDomainListById(QueryAuthType.User) to QueryType but the storage domain information was intentionally filtered for admin only requests. this change was made in the following patch : https://gerrit.ovirt.org/c/7003 where the isFiltered() filters admin users only to view the infromation. https://github.com/oVirt/ovirt-engine/blob/23cb61706a11a589c7586b366fe0981291d4d816/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendStorageDomainsResource.java#L334
No error in log and storage contains values that VM portal needs. verified in ovirt-engine-restapi-4.3.0.4-0.1.el7.noarch
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.