Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Created a user with Zone creator role 2. Created a zone , Filter view , destroy zone , zone gets deleted 3. Created a user with Zone Administrator role , it is also able to destroy zone. I think no admin rights should be given to Zone creator. Please correct if i am wrong. Actual results: Expected results: Additional info: rpm -qa|grep aeolus aeolus-conductor-0.8.0-36.el6.noarch rubygem-aeolus-cli-0.3.0-10.el6.noarch aeolus-conductor-daemons-0.8.0-36.el6.noarch aeolus-configure-2.5.0-15.el6.noarch rubygem-aeolus-image-0.3.0-10.el6.noarch aeolus-all-0.8.0-36.el6.noarch aeolus-conductor-doc-0.8.0-36.el6.noarch
Zone creator _only_ gives rights to create zones. However, whoever creates a zone (or a pool or an instance or pretty much _anything_ then automatically gets "owner-level" permissions on that object and can delete it. In other words, if you have 2 zone creators user1 and user2. user1 creates zone1, user2 creates zone2. Since 'zone creator' does not impart zone delete permissions, user1 may not delete zone2, and user2 may not delete zone 1. But since user1 is a zone owner/admin for zone1, he _may_ delete that one. I think this is NOTABUG.
Wes, actually we're going to be removing the 'Zone Creator' role entirely, so this bug won't be relevant anymore.
Once bug 800511 is fixed, the Zone Creator role will no longer exist.
*** This bug has been marked as a duplicate of bug 800511 ***