Description of problem: When trying to add disks through the user portal, in the add disk dialog, it fails to find active storage domains (red warning at the bottom of the dialog). The only way to fix this is adding VmCreator role to the user, on the storage domain. Version-Release number of selected component (if applicable): How reproducible: Always, when the user is not a VMCreator on the storage domain. Steps to Reproduce: 1. Add a new VM from the user portal 2. Try to add disks to this VM from the user portal Actual results: See the red warning, and the fact that no storage domains are showed in the storage domain list in the dialog. Expected results: Getting the available storage domains, choosing one, and adding the disk successfully. Additional info: Fix can be done in VmDiskListModel class, AddDiskUpdateData method, by using ActionGroup.CREATE_DISK instead of ActionGroup.CREATE_VM.
Also note that the user must have DiskCreator permissions on the relevant storage domain(s).
(In reply to comment #1) > Also note that the user must have DiskCreator permissions on the relevant > storage domain(s). what's the version\build you worked on ?
Solution will include: 1. Adding the CREATE_DISK permission to VmCreator, to allow VM creators to also add disks to the VM. 2. UI fix - to show storage domains with CREATE_DISK permissions on them, instead of CREATE_VM permissions 3. MLA fixes a. make the DC a parent of the storage domains b. Use the allow viewing children only on templates, disks and VMs (today it is used on all objects). This is in order to show, for example, all the clusters in the DC that the user has VmCreator role on, so that he can see them through the user API (the user portal uses a different query for that).
Patches posted upstream, after some sanity testing. Plan to do some more testing on them before marking them as verified. http://gerrit.ovirt.org/#/c/7001 http://gerrit.ovirt.org/#/c/7002 http://gerrit.ovirt.org/#/c/7003 http://gerrit.ovirt.org/#/c/7004
The patches above are now merged upstream.
I've encountered this behavior when I added PowerUser permission to the user on DC level (reported in bug 839319) - could you check that scenario as well?
(In reply to comment #8) > I've encountered this behavior when I added PowerUser permission to the user > on DC level (reported in bug 839319) - could you check that scenario as well? I did the following testing (with my patches above): Added a new user, and gave him power user role on the DC. Then, I logged in with it to the user portal, added a new VM, and added a new disk. It worked well. One of the changes I did was to make the storage domain inherit the permissions from the DC, so looks like that was what solved your scenario, as PowerUser has permissions to create disks, and with my patches this permission also propogates to the storage domains.
Verified - si14 - this beahviour no longer reproduces. Following flows were tested: 1. Granted VmCreator role on the DC: - it will allow user to create VMs, and once user adds VM (s)he'll become the owner of it, with a UserVmManager role - it will also allow her/him to create disks to this VM (as VmCreator has permissions to CREATE_DISK and CONFIGURE_VM_STORAGE). 2. Granted VmCreator role on a cluster, and DiskCreator on some DC/Storage domain. - VmCreator will allow user to create VMs, and once user adds VM (s)he'll become the owner of it, with a UserVmManager role - DiskCreator will allow user to create a disk, but user still needs rights to attach it to the VM (done in one step, but just wanted to clarify the permissions needed). So, the CONFIGURE_VM_STORAGE permission user gets from the VmCreator will allow this disk to be attached to the VM.