Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 906858

Summary: [User Portal] Permissions on a VM are not propagated fully to template
Product: Red Hat Enterprise Virtualization Manager Reporter: Jiri Belka <jbelka>
Component: ovirt-engine-userportalAssignee: Libor Spevak <lspevak>
Status: CLOSED NOTABUG QA Contact: Pavel Stehlik <pstehlik>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.2.0CC: acathrow, dyasny, ecohen, iheim, lsvaty, michal.skrivanek, oourfali, Rhev-m-bugs, sgrinber, ykaul
Target Milestone: ---Keywords: Triaged
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: virt
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-11 06:57:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
engine.log none

Description Jiri Belka 2013-02-01 17:44:47 UTC 
Created attachment 691643 [details]
engine.log

Description of problem:
I have create a VM, add permission to a user 'vdcadmin' with 'UserRole', then create template from this VM and the template lost this permission. I would expect permissions would be kept.

users on a VM:

$ curl -sk -X GET -u 'admin@internal:xx' -H 'Accept: application/xml' https://10.34.63.76/api/vms/be7c09d6-6c4b-4653-aff8-655e5e24bb4d/permissions | grep \<user | sort | uniq
        <user href="/api/users/77e2e25b-4eb5-4f87-9031-34950190e8b3" id="77e2e25b-4eb5-4f87-9031-34950190e8b3"/>
        <user href="/api/users/cb247811-efee-4fa7-938c-c7e1c8faaa8f" id="cb247811-efee-4fa7-938c-c7e1c8faaa8f"/>
        <user href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc" id="fdfc627c-d875-11e0-90f0-83df133b58cc"/>

users on newly created template:

[jbelka@dhcp131-187 ~]$ curl -sk -X GET -u 'admin@internal:xx' -H 'Accept: application/xml' https://10.34.63.76/api/templates/bca820e0-b3fe-4ef4-aab9-a84a9c09dc0e/permissions | grep \<user | sort | uniq
        <user href="/api/users/77e2e25b-4eb5-4f87-9031-34950190e8b3" id="77e2e25b-4eb5-4f87-9031-34950190e8b3"/>
        <user href="/api/users/eee00000-0000-0000-0000-123456789eee" id="eee00000-0000-0000-0000-123456789eee"/>
        <user href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc" id="fdfc627c-d875-11e0-90f0-83df133b58cc"/>

users on newly created vm based on the template:

$ curl -sk -X GET -u 'admin@internal:xx' -H 'Accept: application/xml' https://10.34.63.76/api/vms/2d2606cc-92b9-4d21-9f53-14c56a57d284/permissions | grep \<user | sort | uniq
        <user href="/api/users/77e2e25b-4eb5-4f87-9031-34950190e8b3" id="77e2e25b-4eb5-4f87-9031-34950190e8b3"/>
        <user href="/api/users/fdfc627c-d875-11e0-90f0-83df133b58cc" id="fdfc627c-d875-11e0-90f0-83df133b58cc"/>

vdcadmin:

$ curl -sk -X GET -u 'admin@internal:xx' -H 'Accept: application/xml' https://10.34.63.76/api/users | sed -n '/cb247811-efee-4fa7-938c-c7e1c8faaa8f/,/<name>/p' | head -n2
    <user href="/api/users/cb247811-efee-4fa7-938c-c7e1c8faaa8f" id="cb247811-efee-4fa7-938c-c7e1c8faaa8f">
        <name>vdcadmin</name>

the missing user is 'vdcadmin' who had 'UserRole' role.


Version-Release number of selected component (if applicable):
sf5

How reproducible:
100%

Steps to Reproduce:
1. create a vm in user portal
2. assing a user with userrole to this vm
3. create a template based on this vm
4. create a vm based on this template
  
Actual results:
dropped permission on template

Expected results:
kept permission on templates

Additional info: