Bug 845230
| Summary: | ovirt-engine-backend [MLA]: Data center admin cannot put domains in maintenance | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Dafna Ron <dron> | ||||
| Component: | ovirt-engine | Assignee: | Nobody's working on this, feel free to take it <nobody> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 3.1.0 | CC: | amureini, dyasny, iheim, lpeer, Rhev-m-bugs, sgrinber, yeylon, ykaul | ||||
| Target Milestone: | --- | ||||||
| Target Release: | 3.1.0 | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | storage | ||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-02-03 12:25:27 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Storage | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
reducing severity/priority until proven as a regression. need to remember storage domains permissions are only system wide, not DC wide since storage domains can float - so may be less than trivial as seems, etc. I checked with Simon and this is not a regression. in 3.0 also, we put the manipulate domains role under domains admin and not DC admin. however, I think we should fix that since domains are under the DC. so maybe add/detach domains permissions are not needed for DC admin but maintenance I think is. Closing old bugs. If this issue is still relevant/important in current version, please re-open the bug. |
Created attachment 601929 [details] log Description of problem: I am working with a Data Center Admin user. when I try put a domain in maintenance I am getting no indication on the action in the UI but log shows a CanDoAction: 2012-08-02 14:16:16,816 WARN [org.ovirt.engine.core.bll.storage.DeactivateStorageDomainCommand] (ajp-/127.0.0.1:8009-9) CanDoAction of action DeactivateStorageDomain failed. Reasons:USER_NOT_AUTHORIZED_TO_PERFORM_ACTION Version-Release number of selected component (if applicable): si12 How reproducible: 100% Steps to Reproduce: 1. create a Data Center Admin user (I actually gave the user permissions on the system as Data center admin so it should have permissions for all objects in the system). 2. try to deactivate a data domain 3. Actual results: although there is no indication on the action at all in the UI I can see in the log that user is getting a CanDoAction on action. Expected results: Data center Admin should be able to deactivate domains under the DC Additional info: engine log