[one-users] How to protect a virtual network from being used by users?

[Pavel Tankov]

Hello,

I (as oneadmin) have configured two virtual networks:
- one named "default" for use by regular users to deploy disposable test VMs
- one named "SPECIAL" for use by the admin to create servers that will 
not be disposable but will stay always ON

Both networks have different IP ranges so that you could easily tell 
whether it's a server or a disposable test VM by looking at it's IP address.

I have set up Opennebula with LDAP authentication. LDAP users 
authenticate just fine and are able to create themselves VMs using those 
templates that the admin has allowed for them. Now, I'd like to make so 
that only "default" virtual network is exposed to regular users, and 
"SPECIAL" is not seen by them.

Currently, both networks have the following permissions:

- Owner: use, manage
- Group <none>
- Other: <none>

Users still can use both of these when they deploy a test VM although 
permissions clearly state they shouldn't be able to see any of them.

What is wrong with the permissions?

-- 
Pavel Tankov