[one-users] Granted operations with ACLs

Carlos Martín Sánchez cmartin at opennebula.org
Fri Nov 30 05:59:01 PST 2012


Hi,

The complete reference for the ACL permissions required by each command is
here [1].

You should also take into account the individual permission of each
resource [2]. I'm referring specifically to:

> Groups A and B should only be able to execute resources on their own group.


This can be done with an ACL rule, but it makes more sense to change the
'group use' permissions (chmod 040).

About the chown / chgrp buttons missing from Sunstone, I believe the reason
is that somewhere the code checks if the user logged-in is not in the
oneadmin group, and hides these administrative buttons. Sunstone is going
to be renewed for 4.0, and I'm sure this will be changed too.

Regards.

[1] http://opennebula.org/documentation:rel3.8:api
[2] http://opennebula.org/documentation:rel3.8:chmod
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>



On Fri, Nov 30, 2012 at 12:47 PM, Andreas Calvo Gómez <
andreas.calvo at scytl.com> wrote:

> Hi,
> Following the example in the documentation for managing ACLs (
> http://opennebula.org/documentation:rel3.8:manage_acl), how should this be
> implemented if we have two groups of users which should be able to execute
> VMs, but one set of users (say, administrators), which should be able to
> create any resource and assign it to the corresponding group?
>
> Imagine a scenario where we have two groups, A and B; and a group of
> admins, Admin.
> Groups A and B should only be able to execute resources on their own group.
> Admin group should be able to create resources and assign them to a
> specific group.
> The only thing that is missing is the chgrp/chown commands under the
> sunstone webui, which is the reference tool to use.
>
> --
> Andreas Calvo Gómez
> Systems Engineer
> Scytl Secure Electronic Voting
> Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
> Phone: + 34 934 230 324
> Fax:   + 34 933 251 028
> http://www.scytl.com
>
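The 'group use' permission suggested in the reply above, as an added example that is not part of the original thread or OpenNebula's own code: a simplified Python model of how a resource's owner/group/other permission bits decide access for members of groups A and B. Assumptions: the user and group ids are constructed, the three bit checks are treated as a union, and ACL rules (which can grant further access) are not modelled.

```python
from dataclasses import dataclass

# Octal digit -> right, as used by OpenNebula's chmod (4=USE, 2=MANAGE, 1=ADMIN).
RIGHTS = {"USE": 4, "MANAGE": 2, "ADMIN": 1}
ONEADMIN_GID = 0  # members of the oneadmin group are always authorized


@dataclass
class Resource:
    owner_uid: int
    gid: int
    mode: str  # three octal digits: owner, group, other


@dataclass
class User:
    uid: int
    gids: frozenset


def rights_string(mode):
    """Render a mode such as '040' in the 'uma' notation: '--- u-- ---'."""
    return " ".join(
        "".join(c if int(d, 8) & RIGHTS[r] else "-"
                for c, r in zip("uma", ("USE", "MANAGE", "ADMIN")))
        for d in mode)


def allowed_by_bits(user, res, right):
    """True if the resource's own permission bits grant `right` to `user`.

    Simplified model (assumption): ACL rules are not evaluated here.
    """
    if ONEADMIN_GID in user.gids:
        return True
    owner, group, other = (int(d, 8) for d in res.mode)
    bit = RIGHTS[right]
    return bool((user.uid == res.owner_uid and owner & bit)
                or (res.gid in user.gids and group & bit)
                or (other & bit))


# Constructed sample data: gids 100 (A), 101 (B) and 102 (Admin) are made up.
alice = User(uid=10, gids=frozenset({100}))   # member of group A
bob = User(uid=11, gids=frozenset({101}))     # member of group B
admin = User(uid=12, gids=frozenset({102}))   # member of the Admin group
template = Resource(owner_uid=admin.uid, gid=100, mode="040")  # chgrp A, chmod 040

if __name__ == "__main__":
    print(rights_string(template.mode))
    for u in (alice, bob, admin):
        print(u.uid, {r: allowed_by_bits(u, template, r) for r in RIGHTS})
```

In this model, mode 040 leaves the owner's own bits empty, so any manage or admin access for the Admin group has to come from an ACL rule or from oneadmin membership.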