Bug 855779 - creating an external disk should require CREATE_DISK permissions on System level
creating an external disk should require CREATE_DISK permissions on System level
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity high
: ---
: 3.1.0
Assigned To: Oved Ourfali
Dafna Ron
storage
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-10 05:25 EDT by Oved Ourfali
Modified: 2016-02-10 15:24 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Storage
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Oved Ourfali 2012-09-10 05:25:05 EDT
Description of problem:
Today, when creating an external disk, backend requires CREATE_DISK permissions on storage domain with empty guid --> which maps to the blank template.

The correct requirement should be a CREATE_DISK permissions on the System object (like for creating new storage domains).

How reproducible:
Always

Steps to Reproduce:
1. Give user XXX DCAdmin on some DC.
2. Try creating an external disk --> fails the permissions check
3. Give user XXX DiskCreator permissions on the blank template
4. Try creating an external disk --> Succeeds
  
Actual results:
"2" fails and "4" succeeds.

Expected results:
Both "2" and "4" should fail.
One should have CREATE_DISK on the system object in order to create an external disk.
So once you give XXX StorageAdmin permissions on the system level, you'll be able to create an external disk.
Comment 1 Oved Ourfali 2012-09-10 07:16:09 EDT
Posted to gerrit:
http://gerrit.ovirt.org/#/c/7893/
Comment 2 Oved Ourfali 2012-09-11 03:05:24 EDT
Commit: 3e0afffece27875d9605fd6990e164995d2e029a

http://gerrit.ovirt.org/gitweb?p=ovirt-engine.git;a=commit;h=3e0afffece27875d9605fd6990e164995d2e029a
Comment 3 Allon Mureinik 2012-09-11 03:31:19 EDT
Merged If0044f46fb6fb319a64b4df4192180dcb98cbc41
Comment 4 Dafna Ron 2012-09-21 06:22:39 EDT
verified on si18
user fails with both permissions

Note You need to log in before you can comment on or make changes to this bug.