[one-users] Assigning limited admin rights

Carlos Martín Sánchez cmartin at opennebula.org
Fri Apr 4 01:34:27 PDT 2014


Hi,

Adding to what Rubén said, the acl modification is only allowed for users
in the oneadmin group.

Make sure you use the reference command-auth tables in the xml-rpc doc [1]
to create your rules.

For example, oneuser passwd requires USER:MANAGE. The rule "#<user_id>
USER/* USE+MANAGE+ADMIN" will allow your user to change oneadmin's password.
In this case, you will want to create a rule targeting each group
(excluding oneadmin).

Regards

[1]
http://docs.opennebula.org/4.4/integration/system_interfaces/api.html#authorization-requests-reference
--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula <http://twitter.com/opennebula>


On Thu, Apr 3, 2014 at 2:19 PM, Ruben S. Montero <rsmontero at opennebula.org> wrote:

> Hi
>
> Probably, the following may work...
>
> oneacl create "#<user_id> USER/* CREATE"
> oneacl create "#<user_id> USER/* USE+MANAGE+ADMIN"
>
> Take a look at the ACL guide for more info:
>
>
> http://docs.opennebula.org/4.4/administration/users_and_groups/manage_acl.html
>
> Cheers
>
> Ruben
>
>
>
> On Thu, Apr 3, 2014 at 12:08 PM, Wilma Hermann <wilma.hermann at gmail.com> wrote:
>
>> Hi,
>>
>> Is it possible to assign limited admin rights to certain accounts? I
>> would like to have a user that is allowed to do all the user
>> management (creating users, adding users to existing groups, etc.)
>> without adding this user to the oneadmin-group. In particular, I would
>> like to deny this user access to all other users' VMs, templates,
>> images, etc. The user also shouldn't have write-access to the ACLs
>> (otherwise limits would make no sense obviously).
>>
>> Greetings
>> Wilma
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
>
> --
> Ruben S. Montero, PhD
> Project co-Lead and Chief Architect
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
>
>
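
Added example (not part of the original messages and not OpenNebula's own tooling): a dry-run shell helper that prints one rule per group and skips oneadmin, as Carlos suggests above. The group list is constructed sample data; the `USER/@<group_id>` selector and oneadmin having group ID 0 are assumptions based on the ACL guide and a default install.

```shell
#!/bin/sh
# Added example: emit per-group oneacl rules for a delegated user manager.
# Nothing is executed against OpenNebula; the commands are only printed.

# gen_user_admin_rules <user_id>
# Reads "<group_id> <group_name>" lines on stdin, prints oneacl commands.
gen_user_admin_rules() {
    uid=$1
    case $uid in
        ''|*[!0-9]*) echo "user id must be numeric" >&2; return 1 ;;
    esac

    # Creating users is not tied to an existing user, so this rule stays
    # USER/* (first rule from Ruben's reply).
    printf 'oneacl create "#%s USER/* CREATE"\n' "$uid"

    while read -r gid gname; do
        # Skip headers, blank lines and anything without a numeric ID.
        case $gid in ''|*[!0-9]*) continue ;; esac

        # Never grant rights over oneadmin members. Matched by name and by
        # ID 0 (assumed default ID of the oneadmin group).
        if [ "$gname" = "oneadmin" ] || [ "$gid" = "0" ]; then
            continue
        fi

        # One scoped rule per remaining group instead of USER/*.
        printf 'oneacl create "#%s USER/@%s USE+MANAGE+ADMIN"\n' "$uid" "$gid"
    done
}

# Constructed sample group list (ID and name), not real cluster output.
SAMPLE_GROUPS='0 oneadmin
1 users
100 developers'

# Dry run for hypothetical user ID 7: review the output before running it.
printf '%s\n' "$SAMPLE_GROUPS" | gen_user_admin_rules 7
```

Groups created later are not covered until a rule is added for them, so the helper has to be re-run whenever the group list changes.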