Hi Rubén,<br><br>The way users list the resources is somewhat limited to the standard use cases: the onevnet list command accepts 3 options: m (mine), g (group), a (all).<br><br>Although you can grant users in group 108 permissions to list vnets in the group 1, they cannot request the list of vnets in group 108.<br>
They can only list vnets in their group (g) or all (a) the existing vnets.<br><br>The command 'onevnet list' is not showing any vnets because the default option is 'g'.<br>The 'onevnet list a' command fails because it tries to list all the vnets, which requires the following ACL rule:<br>
<br>@108 NET/* INFO_POOL<br><br><br><br>If you need to debug the ACL rules, enable the debug level in oned.conf (enabled by default) and look in oned.log for messages marked as [ACL][D].<br><br>You will find messages similar to these ones:<br>
<br><span style="font-family:courier new,monospace">Thu Oct 20 05:48:29 2011 [ReM][D]: VirtualNetworkPoolInfo method invoked</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">...</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Thu Oct 20 05:48:29 2011 [ACL][D]: Request #1 NET/* INFO_POOL</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 HOST/* USE</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">Thu Oct 20 05:48:29 2011 [ACL][D]: No more rules, permission not granted </span><br>
<br><br>You can read more in a similar thread here [1], and in the ticket where we will address these limitations [2].<br><br>Regards.<br><br>[1] <a href="http://www.mail-archive.com/users@lists.opennebula.org/msg04022.html">http://www.mail-archive.com/users@lists.opennebula.org/msg04022.html</a><br>
[2] <a href="http://dev.opennebula.org/issues/862">http://dev.opennebula.org/issues/862</a><br clear="all"><span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial,sans-serif;font-size:13px"><br>--<br>
Carlos Martín, MSc</span><font color="#888888"><br>Project Engineer</font><br>
<span style="border-collapse:collapse;color:rgb(136, 136, 136);font-family:arial, sans-serif;font-size:13px"><span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">OpenNebula</span> - The Open Source Toolkit for Cloud Computing<br>
<a href="http://www.opennebula.org/" style="color:rgb(42, 93, 176)" target="_blank">www.<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">OpenNebula</span>.org</a> | <a href="mailto:cmartin@opennebula.org" style="color:rgb(42, 93, 176)" target="_blank">cmartin@<span style="background-color:rgb(255, 255, 204);color:rgb(34, 34, 34);background-repeat:initial initial">opennebula</span>.org</a></span><br>
<br><br><div class="gmail_quote">On Thu, Oct 20, 2011 at 1:47 PM, Ruben Diez <span dir="ltr"><<a href="mailto:rdiez@cesga.es" target="_blank">rdiez@cesga.es</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi:<br>
<br>
We are attempting to let OpenNebula users of group XXX (id=108) view and use the NETs and IMAGES of the group users (id=1)<br>
<br>
So we create this ACL rule:<br>
<br>
create "@108 NET+IMAGE/@1 USE+INFO+INFO_POOL"<br>
<br>
but, contrary to expectations, a user of the group XXX (id=108) can't list the vnets under the group user<br>
<br>
user_under_XXX$ onevnet list<br>
ID USER GROUP NAME TYPE BRIDGE PUB LEASES<br>
<br>
<br>
user_under_XXX$ onevnet list a<br>
[VirtualNetworkPoolInfo] User [4] : Not authorized to perform INFO_POOL NET.<br>
<br>
<br>
Please note that there are vnets under group user:<br>
<br>
<br>
oneadmin$ onevnet list<br>
ID USER GROUP NAME TYPE BRIDGE PUB LEASES<br>
175 oneadmin users red-192.169.40 R virbrG No 0<br>
171 oneadmin users red-84.21.173 R virbrC Yes 50<br>
<br>
<br>
Where is the mistake?<br>
<br>
Regards<br>
<br>
<br>
<br>
</blockquote></div><br>
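<br>
The [ACL][D] debugging step described in the reply above, as an added example that is not part of the original message or of OpenNebula's code: it groups the oned.log lines by request and shows, for each denied request, whether every evaluated rule lists the requested resource type and right. It recognizes only the message formats quoted in this thread and does not evaluate the rule's user/group ID or resource scope; the function names and the sample log constant are assumptions.<br>

```python
import re

# Constructed sample: the oned.log lines quoted in the message above.
SAMPLE_LOG = """\
Thu Oct 20 05:48:29 2011 [ReM][D]: VirtualNetworkPoolInfo method invoked
Thu Oct 20 05:48:29 2011 [ACL][D]: Request #1 NET/* INFO_POOL
Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE
Thu Oct 20 05:48:29 2011 [ACL][D]: > Rule @1 HOST/* USE
Thu Oct 20 05:48:29 2011 [ACL][D]: No more rules, permission not granted
"""

ACL_LINE = re.compile(r"\[ACL\]\[D\]:\s*(.*\S)")
REQUEST = re.compile(r"^Request (\S+) ([A-Z+]+)/(\S+) ([A-Z_+]+)$")
RULE = re.compile(r"^> Rule (\S+) ([A-Z+]+)/(\S+) ([A-Z_+]+)$")


def parse_acl_debug(text):
    """Group [ACL][D] lines into requests with the rules checked for each."""
    requests, current = [], None
    for line in text.splitlines():
        m = ACL_LINE.search(line)
        if not m:
            continue  # not an ACL debug message ([ReM], etc.)
        msg = m.group(1)
        if (req := REQUEST.match(msg)):
            current = {"user": req.group(1), "resource": req.group(2),
                       "scope": req.group(3), "right": req.group(4),
                       "rules": [], "denied": False}
            requests.append(current)
        elif current is not None and (rule := RULE.match(msg)):
            # Simplified check: set membership only, IDs/scope not evaluated.
            current["rules"].append({
                "rule": msg[len("> Rule "):],
                "resource_listed": current["resource"] in rule.group(2).split("+"),
                "right_listed": current["right"] in rule.group(4).split("+"),
            })
        elif current is not None and "permission not granted" in msg:
            current["denied"] = True
    return requests


def denied_requests(text):
    """Return only the requests that ended with 'permission not granted'."""
    return [r for r in parse_acl_debug(text) if r["denied"]]


if __name__ == "__main__":
    for r in denied_requests(SAMPLE_LOG):
        print(f"DENIED {r['user']} {r['resource']}/{r['scope']} {r['right']}")
        for x in r["rules"]:
            print(f"  {x['rule']}: resource={x['resource_listed']} right={x['right_listed']}")
```

On the sample, the first rule lists NET but grants only INFO_POOL_MINE, not INFO_POOL, which is why the request falls through to "permission not granted".<br>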