[one-users] how do a normal user change VM's owner?

Carlos Martín Sánchez cmartin at opennebula.org
Thu Aug 29 07:49:59 PDT 2013 

Hi,

That workflow may work, but sounds a bit convoluted.
Could you elaborate a bit more about your use case?

The way we designed it, the chown operation is meant to be performed by an
administrative account, like oneadmin, or a group/vdc admin.

This is because in a multi-tenancy environment regular users should not be
aware of all the other users in the system.
And allowing them to freely change a resource's owner poses some concerns:
quotas, billing, security, etc.

On the technical side, the chown operation requires VM:MANAGE + USER:MANAGE
[1]. The users drop-down will show all the users that the logged account
can list, i.e. has USER:USE permissions.

Regards.

[1] http://opennebula.org/documentation:rel4.2:api#onevm


--
Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin, 24-26
September, 2013
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>


On Thu, Aug 29, 2013 at 3:20 PM, Liu, Guang Jun (Gene) <
Gene.Liu at alcatel-lucent.com> wrote:

>  Hi Carlos,
>
> The current process of changing ownership of a VM is like this:
> 1. The current owner of the VM grant the admin permission
> 2. The new user "pull" the ownership privilege
>
> The reason of this is that only the  current user id is listed in the
> pull-up list. (The actual owner-to-be can not be chosen by current owner)
>
> I am not sure if this is the design by default. I would think "push"
> ownership privilege making more sense.
>
> Thanks,
>
> Gene
>
> On 13-08-27 04:08 PM, Liu, Guang Jun (Gene) wrote:
>
> HI Carlos,
>
> Thank you very much for your reply! Yes, its a little bit tricky but the
> configuration you specified works.
>
> Gene
>
> On 13-08-27 05:44 AM, Carlos Martín Sánchez wrote:
>
> Hi,
>
>  I assume you edited the users view [1] to enable the VM.chown action.
> There is a tricky configuration here: the drop-down list of users is filled
> by the Users tab, so you need to enable the users-tab attribute.
>
>  Regards.
>
>  [1] http://opennebula.org/documentation:rel4.2:suns_views
>
>  --
> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin,
> 24-26 September, 2013
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - The Open-source Solution for Data Center Virtualization
> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula>
>
>
> On Mon, Aug 26, 2013 at 3:55 PM, Liu, Guang Jun (Gene) <
> Gene.Liu at alcatel-lucent.com> wrote:
>
>> Hi there,
>>
>> >From sunstone, when a normal user (not in admin group) tried to "change
>> owner", there is always empty list of new user. Anyone experienced the
>> same issue? I wonder if it's a software bug or configuration related?
>>
>> Thanks
>>
>> Gene
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
>
>
> _______________________________________________
> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130829/ab9503fb/attachment-0002.htm>

More information about the Users mailing list