[one-users] user permissions on vnet

Carlos Martín Sánchez cmartin at opennebula.org
Mon Apr 25 07:08:13 PDT 2011


Hi Ignazio,
This is a quick change to the simple_permissions.rb script. I didn't even
check if this works, but it should help you get the idea of what Daniel
proposed.

When modifying an authorization script, you have to take into account that
oneadmin (user with id = 0) is granted anything in the core.

--- a/src/authm_mad/simple_permissions.rb
+++ b/src/authm_mad/simple_permissions.rb
@@ -71,8 +71,12 @@ class SimplePermissions

         case action
         when 'CREATE'
-            auth_result=true if %w{VM NET IMAGE}.include? object
-
+            if %w{VM IMAGE}.include? object
+                auth_result = true
+            elsif object == "NET"
+                auth_result = "Regular users can not CREATE NET"
+            end
+
             if @quota_enabled and object=='VM' and auth_result
                 STDERR.puts 'quota enabled'
                 @quota.update(uid.to_i)


Regards.

--
Carlos Martín, MSc
Project Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org <http://www.opennebula.org/> | cmartin at opennebula.org


On Mon, Apr 18, 2011 at 3:16 PM, <ignazio.cassano at provincia.torino.it>wrote:

> Hello Daniel,
> I'd like to ask when new features will be addes do manage user groups.
> I did not understand I can setroles for difeerent users using
> simple_permissions.rb...
> How can I modify the  simple_permissions.rb to deny users crating new
> virtual networks ?
> Please, could ou give me an example ?
> At this time my oneaadmn ha created c virtual network and I don't want any
> other user create furthers vmnet.
> Thanks and Regards
>
> ----- Messaggio da dmolina at opennebula.org ---------
>    Data: Mon, 28 Mar 2011 16:21:31 +0200
>    Da: Daniel Molina <dmolina at opennebula.org>
>  Oggetto: Re: [one-users] user permissions on vnet
>      A: ignazio.cassano at provincia.torino.it
>      Cc: users at lists.opennebula.org
>
>
>  Hi,
>>
>> You can use the auth module [1,2] to disable the VNet creation for
>> users different from oneadmin.
>>
>> Furthermore, we are developing a new feature to mange user groups. You
>> will be able to set roles for different users and even customize your
>> Sunstone to add or remove functionality for these users.
>>
>> [1] http://www.opennebula.org/documentation:rel2.2:users
>> [2] http://www.opennebula.org/documentation:rel2.2:auth
>>
>> Regards
>>
>> On 24 March 2011 14:09,  <ignazio.cassano at provincia.torino.it> wrote:
>>
>>> Hello everyone,
>>> I'd like to know if it is possible to set user permissions on virtual
>>> network
>>> creation.
>>> At this time, using sunstone, seems a normale user (not oneadmin) can
>>> create
>>> a virtual
>>> network with the same attributes of vnet created by oneadmin.
>>> Is it strange ?
>>> Thanks and regards
>>> Ignazio
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>>
>>
>> --
>> Daniel Molina, Cloud Technology Engineer/Researcher
>> Major Contributor
>> OpenNebula - The Open Source Toolkit for Cloud Computing
>> www.OpenNebula.org | dmolina at opennebula.org
>>
>>
>
> ----- Fine messaggio da dmolina at opennebula.org -----
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110425/1b1f2d5e/attachment-0002.htm>


More information about the Users mailing list