[one-users] about ACL

Valerio Schiavoni valerio.schiavoni at gmail.com
Thu Jun 13 01:16:00 PDT 2013


Hello,
i'm running OpenNebula 4.0.1, freshly installed, and I'd like to implement
the following  use-case ACL-wise: when users login through the sunstone
interface, they should see if other VMs are currently running and on which
hosts. Clearly, on VMs owned by other users (even if in the same group), no
managing actions should be allowed.

This is the current set of ACL rules installed ( i believe these are the
default ones):

   ID     USER RES_VHNIUTGDCO   RID OPE_UMAC
    0       @1     V-NI-T----     *     ---c
   11       @1     -H--------     *     um--
   16        *     ---------O     *     ---c


If I add this: "@1 VM/* USE" , all users can see all other users' VMs but
all actions seem to be available (at least through the web interface).

Is this scenario supported somehow?

Thanks,
Valerio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130613/25eb23fe/attachment-0001.htm>


More information about the Users mailing list