Hi Ignazio,<br>This is a quick change to the simple_permissions.rb script. I didn't even check if this works, but it should help you get the idea of what Daniel proposed.<br><br>When modifying an authorization script, you have to take into account that oneadmin (user with id = 0) is granted anything in the core.<br>
<br><span style="font-family: courier new,monospace;">--- a/src/authm_mad/simple_permissions.rb</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+++ b/src/authm_mad/simple_permissions.rb</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">@@ -71,8 +71,12 @@ class SimplePermissions</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> case action</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> when 'CREATE'</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">- auth_result=true if %w{VM NET IMAGE}.include? object</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">- </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ if %w{VM IMAGE}.include? object</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ auth_result = true </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ elsif object == "NET"</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+ auth_result = "Regular users can not CREATE NET" </span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">+ end</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">+</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> if @quota_enabled and object=='VM' and auth_result</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> STDERR.puts 'quota enabled'</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> @quota.update(uid.to_i)</span><br style="font-family: courier new,monospace;"><br><br>Regards.<br><br clear="all"><span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial, sans-serif;font-size:13px">--<br>
Carlos Martín, MSc<br>Project Major Contributor<br>OpenNebula - The Open Source Toolkit for Cloud Computing<br>
<a href="http://www.opennebula.org/" style="color:rgb(42, 93, 176)" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" style="color:rgb(42, 93, 176)" target="_blank">cmartin@opennebula.org</a></span><br>
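Review bot: In the elsif object == "NET" branch the denial is stored as a String, and a non-empty String is truthy in Ruby, so any check written like the context line's "... and auth_result" would read the denial as a grant. That particular check is limited to object=='VM' and is not reached for NET, but the rest of the method is outside this hunk: confirm the value is compared against true before it is returned, or keep auth_result false and carry the reason separately. The hunk also adds no uid test of its own, so it relies on the core granting oneadmin (id 0) everything, as the message states; since the message says the change was not run, test a regular user and oneadmin each creating a NET before deploying it.<br>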
<br><br><div class="gmail_quote">On Mon, Apr 18, 2011 at 3:16 PM, <span dir="ltr"><<a href="mailto:ignazio.cassano@provincia.torino.it">ignazio.cassano@provincia.torino.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hello Daniel,<br>
I'd like to ask when new features will be added to manage user groups.<br>
I did not understand I can set roles for different users using simple_permissions.rb...<br>
How can I modify the simple_permissions.rb to deny users creating new<br>
virtual networks ?<br>
Please, could you give me an example ?<br>
At this time my oneadmin has created c virtual network and I don't want any<br>
other user to create further vmnets.<br>
Thanks and Regards<div class="im"><br>
----- Message from <a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a> ---------<br>
Date: Mon, 28 Mar 2011 16:21:31 +0200<br>
From: Daniel Molina <<a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a>><br>
Subject: Re: [one-users] user permissions on vnet<br>
To: <a href="mailto:ignazio.cassano@provincia.torino.it" target="_blank">ignazio.cassano@provincia.torino.it</a><br>
Cc: <a href="mailto:users@lists.opennebula.org" target="_blank">users@lists.opennebula.org</a><br>
<br>
<br>
</div><div><div></div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
You can use the auth module [1,2] to disable the VNet creation for<br>
users different from oneadmin.<br>
<br>
Furthermore, we are developing a new feature to manage user groups. You<br>
will be able to set roles for different users and even customize your<br>
Sunstone to add or remove functionality for these users.<br>
<br>
[1] <a href="http://www.opennebula.org/documentation:rel2.2:users" target="_blank">http://www.opennebula.org/documentation:rel2.2:users</a><br>
[2] <a href="http://www.opennebula.org/documentation:rel2.2:auth" target="_blank">http://www.opennebula.org/documentation:rel2.2:auth</a><br>
<br>
Regards<br>
<br>
On 24 March 2011 14:09, <<a href="mailto:ignazio.cassano@provincia.torino.it" target="_blank">ignazio.cassano@provincia.torino.it</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello everyone,<br>
I'd like to know if it is possible to set user permissions on virtual<br>
network<br>
creation.<br>
At this time, using sunstone, it seems a normal user (not oneadmin) can create<br>
a virtual<br>
network with the same attributes of vnet created by oneadmin.<br>
Is it strange ?<br>
Thanks and regards<br>
Ignazio<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br>
</blockquote>
<br>
<br>
<br>
--<br>
Daniel Molina, Cloud Technology Engineer/Researcher<br>
Major Contributor<br>
OpenNebula - The Open Source Toolkit for Cloud Computing<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a><br>
<br>
</blockquote>
<br>
<br></div></div>
----- End of message from <a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a> -----<div><div></div><div class="h5"><br>
<br>
<br>
<br>
</div></div></blockquote></div><br>