Bug 855779 - creating an external disk should require CREATE_DISK permissions on System level
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.1.0
Assignee: Oved Ourfali
QA Contact: Dafna Ron
URL:
Whiteboard: storage
Depends On:
Blocks:
Reported: 2012-09-10 09:25 UTC by Oved Ourfali
Modified: 2016-02-10 20:24 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
oVirt Team: Storage
Target Upstream Version:
Embargoed:



Description Oved Ourfali 2012-09-10 09:25:05 UTC
Description of problem:
Today, when creating an external disk, the backend requires CREATE_DISK permissions on a storage domain with an empty GUID --> which maps to the blank template.

The correct requirement should be CREATE_DISK permissions on the System object (like for creating new storage domains).

How reproducible:
Always

Steps to Reproduce:
1. Give user XXX DCAdmin on some DC.
2. Try creating an external disk --> fails the permissions check
3. Give user XXX DiskCreator permissions on the blank template
4. Try creating an external disk --> Succeeds
  
Actual results:
"2" fails and "4" succeeds.

Expected results:
Both "2" and "4" should fail.
One should have CREATE_DISK on the system object in order to create an external disk.
So once you give XXX StorageAdmin permissions on the system level, you'll be able to create an external disk.
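
A small model of the check described in this report, as an added example that is not ovirt-engine code or part of the original bug. It replays the reproduction steps against the reported check and the expected one; the `Permissions` class, the role contents, the non-empty ids and the rule that System grants apply everywhere are assumptions made for illustration.

```python
from uuid import UUID

# Constructed ids for this model; only the empty GUID comes from the report.
EMPTY_GUID = UUID(int=0)        # "storage domain with empty guid"
BLANK_TEMPLATE = EMPTY_GUID     # the report says that id maps to the blank template
SYSTEM = UUID(int=1)            # hypothetical id for the System object
DATA_CENTER = UUID(int=2)       # hypothetical id for "some DC"

# Hypothetical role contents: the action groups each role carries.
ROLES = {
    "DCAdmin": {"CREATE_DISK", "CREATE_VM"},
    "DiskCreator": {"CREATE_DISK"},
    "StorageAdmin": {"CREATE_DISK", "CREATE_STORAGE_DOMAIN"},
}


class Permissions:
    """Grants are (user, role, object id); System grants apply everywhere."""
    def __init__(self):
        self.grants = set()

    def grant(self, user, role, object_id):
        self.grants.add((user, role, object_id))

    def allowed(self, user, action, object_id):
        return any(
            u == user and action in ROLES[r] and o in (object_id, SYSTEM)
            for u, r, o in self.grants
        )


def can_create_external_disk_before(perms, user):
    # Reported behaviour: the subject is the empty GUID, i.e. the blank template.
    return perms.allowed(user, "CREATE_DISK", EMPTY_GUID)


def can_create_external_disk_after(perms, user):
    # Expected behaviour from the report: check against the System object.
    return perms.allowed(user, "CREATE_DISK", SYSTEM)


def replay(check):
    """Apply the report's grants in order; record the check after each one."""
    perms, user, results = Permissions(), "XXX", []
    for role, obj in [("DCAdmin", DATA_CENTER), ("DiskCreator", BLANK_TEMPLATE),
                      ("StorageAdmin", SYSTEM)]:
        perms.grant(user, role, obj)
        results.append(check(perms, user))
    return results
```

`replay(can_create_external_disk_before)` reproduces the "2 fails, 4 succeeds" result, while the System-level check only passes once the StorageAdmin grant on System is present. A regression test for this class of bug should include a grant on the object that shares the sentinel id, since that is the case the original check let through.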

Comment 1 Oved Ourfali 2012-09-10 11:16:09 UTC
Posted to gerrit:
http://gerrit.ovirt.org/#/c/7893/

Comment 2 Oved Ourfali 2012-09-11 07:05:24 UTC
Commit: 3e0afffece27875d9605fd6990e164995d2e029a

http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=3e0afffece27875d9605fd6990e164995d2e029a

Comment 3 Allon Mureinik 2012-09-11 07:31:19 UTC
Merged If0044f46fb6fb319a64b4df4192180dcb98cbc41

Comment 4 Dafna Ron 2012-09-21 10:22:39 UTC
verified on si18
user fails with both permissions

