[one-users] hiding vnet

Carlos Martín Sánchez cmartin at opennebula.org
Fri Sep 12 01:58:26 PDT 2014


Hi Vincent,

Actually, if the users can see the vnet, they can also request an IP. This
is because the same permission USE is needed for both actions.

In the end, the permissions are set with the resource's chmod, or an ACL
rule [1].
It may be that the vnet is in a cluster assigned to the group as a resource
provider [2]. Internally, this creates an ACL rule that grants USE over all
the vnets of that cluster.

If you need a clarification for your specific setup, please copy the
outputs of onegroup show, onevnet show, and oneacl list.

Regards.

[1]
http://docs.opennebula.org/4.8/administration/users_and_groups/chmod.html
[2]
http://docs.opennebula.org/4.8/administration/users_and_groups/manage_groups.html#managing-vdc-and-resource-providers



--
Carlos Martín, MSc
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
<http://twitter.com/opennebula> <cmartin at opennebula.org>

On Wed, Sep 10, 2014 at 4:15 PM, <vincent at vanderkussen.org> wrote:

> Hi,
>
> I'm finalizing our ONE setup and I'm now busy putting all users
> in groups so they can only access the things they need access to.
>
> One thing I find a bit strange is that users can see networks they
> have no acccess to. As I see it now, each user must know what vnet
> has access to before he can make a choice. It would be nice to have
> a way to hide networks you can't use anyway.
>
> Or maybe I'm just looking over it.. :-)
>
> Regards,
> Vincent
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140912/184e70cf/attachment-0001.htm>


More information about the Users mailing list