<div dir="ltr">Hi,<div class="gmail_extra"><br></div><div class="gmail_extra">Adding to what Rubén said, the acl modification is only allowed for users in the oneadmin group.</div><div class="gmail_extra"><br></div><div class="gmail_extra">

Make sure you use the reference command-auth tables in the xml-rpc doc [1] to create your rules.</div><div class="gmail_extra"><div class="gmail_extra"><br></div><div class="gmail_extra">For example, oneuser passwd requires USER:MANAGE. The rule "#<user_id> USER/* USE+MANAGE+ADMIN" will allow your user to change oneadmin's password.</div>

<div class="gmail_extra">In this case, you will want to create a rule targeting each group (excluding oneadmin).</div><div class="gmail_extra"><br></div><div class="gmail_extra">Regards</div><div class="gmail_extra"><br>
</div>
<div class="gmail_extra">[1] <a href="http://docs.opennebula.org/4.4/integration/system_interfaces/api.html#authorization-requests-reference" target="_blank">http://docs.opennebula.org/4.4/integration/system_interfaces/api.html#authorization-requests-reference</a></div>

<div><div dir="ltr">--<br><div>Carlos Martín, MSc<br>Project Engineer</div><div>OpenNebula - Flexible Enterprise Cloud Made Simple<br><div><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a> | <a href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="mailto:cmartin@opennebula.org" style="color:rgb(42,93,176)" target="_blank"></a></span></div>

</div></div></div>
<br><br><div class="gmail_quote">On Thu, Apr 3, 2014 at 2:19 PM, Ruben S. Montero <span dir="ltr"><<a href="mailto:rsmontero@opennebula.org" target="_blank">rsmontero@opennebula.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div dir="ltr">Hi<div><br></div><div>Probably, the following may work...</div><div><br></div><div>oneacl create "#<user_id> USER/* CREATE"</div><div>oneacl create "#<user_id> USER/* USE+MANAGE+ADMIN"<br>



</div><div><br></div><div>Take a look at the ACL guide for more info:</div><div><br></div><div><a href="http://docs.opennebula.org/4.4/administration/users_and_groups/manage_acl.html" target="_blank">http://docs.opennebula.org/4.4/administration/users_and_groups/manage_acl.html</a><br>



</div><div><br></div><div>Cheers</div><div><br></div><div>Ruben</div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><br><div class="gmail_quote">On Thu, Apr 3, 2014 at 12:08 PM, Wilma Hermann <span dir="ltr"><<a href="mailto:wilma.hermann@gmail.com" target="_blank">wilma.hermann@gmail.com</a>></span> wrote:<br>



<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi,<br>
<br>
Is it possible to assign limited admin rights to certain accounts? I<br>
would like to have a user that is allowed to do all the user<br>
management (creating users, adding users to existing groups, etc.)<br>
without adding this user to the oneadmin-group. In particular, I would<br>
like to deny this user access to all other users' VMs, templates,<br>
images, etc. The user also shouldn't have write-access to the ACLs<br>
(otherwise limits would make no sense obviously).<br>
<br>
Greetings<br>
Wilma<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class=""><font color="#888888">-- <br><div dir="ltr"><div><div>-- <br></div></div>Ruben S. Montero, PhD<br>Project co-Lead and Chief Architect<div>OpenNebula - Flexible Enterprise Cloud Made Simple<br>



<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:rsmontero@opennebula.org" target="_blank">rsmontero@opennebula.org</a> | @OpenNebula</div></div>
</font></span></div>
<br></blockquote></div><br></div></div>
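<div>An added example, not part of the original thread or of OpenNebula's own tooling: a shell function that prints one group-scoped rule per group, skipping oneadmin, in place of the USER/* wildcard rule that also covers oneadmin's account. The user ID 7 and the group list are constructed sample values; the @ group scope (USER/@100 style) is the group form from the ACL guide linked in the thread.</div>

```shell
#!/bin/sh
# Added example: build per-group ACL rules for a delegated
# user-management account, leaving the oneadmin group uncovered.

# Constructed sample input: "group_id group_name" pairs, one per line.
# Assumption: on a real front-end these pairs are taken from the
# ID and NAME columns of `onegroup list`.
SAMPLE_GROUPS='0 oneadmin
1 users
100 webdev
101 research'

# gen_user_admin_rules USER_ID
# Reads "gid name" lines on stdin and prints one oneacl command per
# group, scoped with @gid instead of the USER/* wildcard.
gen_user_admin_rules() {
    uid=$1
    # Reject anything that is not a plain numeric user ID.
    case $uid in
        ''|*[!0-9]*) echo "invalid user id: $uid" >&2; return 1 ;;
    esac
    while read -r gid name; do
        # Skip blank lines and non-numeric IDs (for example a header row).
        case $gid in
            ''|*[!0-9]*) continue ;;
        esac
        # Never emit a rule that covers oneadmin (group ID 0).
        if [ "$gid" -eq 0 ] || [ "$name" = "oneadmin" ]; then
            continue
        fi
        printf 'oneacl create "#%s USER/@%s USE+MANAGE+ADMIN"\n' "$uid" "$gid"
    done
}

# Print the commands for the constructed user ID 7; nothing is executed.
printf '%s\n' "$SAMPLE_GROUPS" | gen_user_admin_rules 7
```

<div>The commands are only printed, so they can be reviewed before an account in the oneadmin group runs them. A group created later is not covered until a rule is added for it.</div>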