<div dir="ltr">Hi<div><br></div><div>I believe this feature is already planned for 4.6</div><div><br></div><div> <a href="http://dev.opennebula.org/issues/2615">http://dev.opennebula.org/issues/2615</a></div><div><br></div>
<div>Originally it is only for the group, but it seems that we should extended also to support the user</div><div><br></div><div>Cheers</div><div><br></div><div>Ruben</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Thu, Feb 20, 2014 at 11:14 PM, Stefan Kooman <span dir="ltr"><<a href="mailto:stefan@bit.nl" target="_blank">stefan@bit.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">Quoting Carlos Martín Sánchez (<a href="mailto:cmartin@opennebula.org">cmartin@opennebula.org</a>):<br>
> Hi,<br>
><br>
> On Mon, Feb 17, 2014 at 3:28 PM, Stefan Kooman <<a href="mailto:stefan@bit.nl">stefan@bit.nl</a>> wrote:<br>
><br>
> > Hi List,<br>
> ><br>
> > I would like to have the ability to instantiate a vm (or create one<br>
> > based on a template) on behalf of a user and/or group. At submission<br>
> > time oned/sched would check if the user has suitable permissions on all<br>
> > of the resources defined in the template and otherwise fail, i.e.: the<br>
> > same way "servers authentication" work (section C, [1]). Currently<br>
> > you're able to chown the vm to a user/group but this does not ensure the<br>
> > user has enough permissions to re-create or re-instantiate the same<br>
> > template later on.<br>
> ><br>
> > Gr. Stefan<br>
> ><br>
> > [1]:<br>
> ><br>
> > <a href="http://docs.opennebula.org/stable/administration/authentication/external_auth.html?highlight=authentication" target="_blank">http://docs.opennebula.org/stable/administration/authentication/external_auth.html?highlight=authentication</a><br>
><br>
><br>
> Maybe this could be implemented as a special type of sunstone login,<br>
> instead of an option to perform certain actions. So you could enter your<br>
> oneadmin credentials + the username you want to log in as.<br>
<br>
</div>Basically a sudo like feature. Currently I'm instantiating most vm's<br>
with sunstone but this will change in the future. We will be deploying<br>
vm's with a "adm" tool talking to the XML-RPC interface (and our own<br>
internal systems). In that case you would miss out on the "sudo"<br>
feature. Cli would also benefit from having this functionality<br>
implemented at a "lower" level.<br>
<br>
Gr. Stefan<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
| BIT BV <a href="http://www.bit.nl/" target="_blank">http://www.bit.nl/</a> Kamer van Koophandel 09090351<br>
| GPG: 0xD14839C6 <a href="tel:%2B31%20318%20648%20688" value="+31318648688">+31 318 648 688</a> / <a href="mailto:info@bit.nl">info@bit.nl</a><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><div>-- <br></div></div>Ruben S. Montero, PhD<br>Project co-Lead and Chief Architect<div>OpenNebula - Flexible Enterprise Cloud Made Simple<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:rsmontero@opennebula.org" target="_blank">rsmontero@opennebula.org</a> | @OpenNebula</div></div>
</div>