Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 949950

Summary: User don't inherit permissions from dc on temaplte, which were created from vm without disk.
Product: Red Hat Enterprise Virtualization Manager Reporter: Ondra Machacek <omachace>
Component: ovirt-engineAssignee: Nobody <nobody>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.2.0CC: bsettle, gklein, lpeer, michal.skrivanek, oourfali, rbalakri, Rhev-m-bugs, yeylon
Target Milestone: ---Keywords: Automation, AutomationTriaged, Reopened
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: virt
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-07 07:08:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 951935    

Description Ondra Machacek 2013-04-09 10:46:26 UTC 
Description of problem:
When vm is created without disk, then template is created from this vm. And there is user with ie TemplateOwner permissions on DC, then this TemplateOwner permissions are not inherted to template without disk.

Version-Release number of selected component (if applicable):
sf13

How reproducible:
always

Steps to Reproduce:
1. Create vm without disk.
2. Create template from this vm.
3. Add TemplateOwner permissions on DC to user1.
4. Check template permissions if user1 has TemplateOwner permissions
   inherited from DC.
  
Actual results:
User has not iherited permissions from DC.

Expected results:
User has iherited permissions from DC.

Additional info:
Found while verifying 921450.

Note - when user log in into UserPortal he can see this template, but he can't manipulate with it.
Comment 2 Oved Ourfali 2013-04-14 07:48:01 UTC 
Problem is in "fn_get_entity_parents" stored procedure.

Currently, the parents of a template are only system, and the DC in which the template disks are placed.

So, if the template has no disks, then it won't inherit permissions from the data center.

This is obviously a bug.
The question is - should the template permissions hierarchy be:
System
  DC
    Template

Or:

System
  DC
    Cluster
      Template

IMO it sounds like the former, but, looking at the templates main tab dialog (and the API), you can see both the cluster and the DC of a template, so perhaps it should be the latter. Simon?
Comment 4 Itamar Heim 2013-12-29 11:04:25 UTC 
Closing old bugs. If this issue is still relevant/important in current version, please re-open the bug.
Comment 5 Ondra Machacek 2014-03-04 22:27:11 UTC 
By comment #2 - consider the correct hiearchy of template permissions.
Comment 6 Oved Ourfali 2015-04-14 11:38:30 UTC 
Template is a virt-related entity.
Moving to virt to determine whether they want to fix it, or leave it as is...
Also, with the existence of instance types, perhaps this is no longer relevant.
Comment 7 Michal Skrivanek 2015-09-07 07:08:34 UTC 
doesn't look like worth the effort, especially with instance types indeed