<div dir="ltr">Hi,<div><br></div><div class="gmail_extra"><div class="gmail_quote">On Tue, Jun 10, 2014 at 10:48 AM, Yudai Yamagishi <span dir="ltr"><<a href="mailto:yummy@yumnet.jp" target="_blank">yummy@yumnet.jp</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi,<br>
<br>
I’m having a problem where the virtual network’s permissions aren’t being enforced.<br>
I have a Virtual Network with the following configuration:<br>
--<br>
$ onevnet show 10<br>
VIRTUAL NETWORK 10 INFORMATION<br>
ID : 10<br>
NAME : usernet-v3001<br>
USER : oneadmin<br>
GROUP : oneadmin<br>
CLUSTER : -<br>
TYPE : RANGED<br>
BRIDGE : br3001<br>
VLAN : No<br>
USED LEASES : 0<br>
<br>
PERMISSIONS<br>
OWNER : um-<br>
GROUP : ---<br>
OTHER : ---<br>
<br>
VIRTUAL NETWORK TEMPLATE<br>
BRIDGE="br3001"<br>
NETWORK_ADDRESS="10.0.0.0"<br>
NETWORK_MASK="255.0.0.0"<br>
PHYDEV=""<br>
VLAN="NO"<br>
VLAN_ID=""<br>
<br>
RANGE<br>
IP_START : 10.0.0.1<br>
IP_END : 10.255.255.254<br>
<br>
VIRTUAL MACHINES<br>
--<br>
<br>
What I am expecting is that users, except for the oneadmin user, shouldn’t be able to see or use this virtual network.<br>
However, in Sunstone, when I click “Attach Nic” in one of the VMs, I can see the VNETs which I should not have<br>
permission to. Also, I can select the VNET and a NIC is attached to the VNET I don’t have USE permission to.<br>
Everything else, like VMs and Templates, works as expected; it is only VNET that doesn’t seem to enforce permissions properly.<br>
<br>
Is this a bug or is it something I missed in the documentation?<br></blockquote><div><br></div><div>You may have an ACL rule that grants the USE permission. Read [1] for more information.</div><div>That ACL rule probably comes from the vDC resource provider [2] configuration; the bootstrap assigns the resource provider "All" to the users group.</div>
<div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
I’m currently using OpenNebula from git which was latest as of Mar 31.<br>
(last commit is c191cee306c23f0d5c030cf24b7dadfc0d375088)<br>
<br></blockquote><div><br></div><div>I would strongly advise against that... If you are going to install from git, at least check out the release-4.6.1 tag.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Thanks!<br>
<span class=""><font color="#888888">Yudai Yamagishi<br>
</font></span></blockquote><div><br></div><div>Regards</div><div><div><br class="">[1] <a href="http://docs.opennebula.org/4.6/administration/users_and_groups/manage_acl.html#how-permission-is-granted-or-denied">http://docs.opennebula.org/4.6/administration/users_and_groups/manage_acl.html#how-permission-is-granted-or-denied</a><br>
</div><div>[2] <a href="http://docs.opennebula.org/4.6/administration/users_and_groups/manage_groups.html#managing-vdc-and-resource-providers">http://docs.opennebula.org/4.6/administration/users_and_groups/manage_groups.html#managing-vdc-and-resource-providers</a><br>
</div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">--<br><div>Carlos Martín, MSc<br>Project Engineer</div><div>OpenNebula - Flexible Enterprise Cloud Made Simple<br><div><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="http://www.opennebula.org/" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a> | <a href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="mailto:cmartin@opennebula.org" target="_blank" style="color:rgb(42,93,176)"></a></span></div>
</div><div><br></div></div></div></div></div></div></div></div>
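<div>The interaction described in the reply above, as an added example that is not part of the original thread and not OpenNebula code: a simplified Python model in which permission bits and ACL rules are additive grants, applied to VNET 10 from the question. The user, the group ID 1 for the users group, and the rule strings are constructed assumptions, written in the ACL rule string syntax documented in [1].</div>

```python
import re

# "<user> <resources> <rights>", e.g. "@1 NET/* USE" (zone field omitted in this model)
RULE_RE = re.compile(r"^([*]|[#@]\d+)\s+([A-Z+]+)/([*]|[#@%]\d+)\s+([A-Z+]+)$")

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an ACL rule string: {text!r}")
    who, types, which, rights = m.groups()
    return {"who": who, "types": set(types.split("+")),
            "which": which, "rights": set(rights.split("+")), "text": text}

def bits_allow(user, obj, right):
    """Unix-like permission bits: pick OWNER, GROUP or OTHER, then test u/m/a."""
    if user["uid"] == obj["uid"]:
        triplet = obj["perms"][0]
    elif obj["gid"] in user["gids"]:
        triplet = obj["perms"][1]
    else:
        triplet = obj["perms"][2]
    return {"USE": "u", "MANAGE": "m", "ADMIN": "a"}.get(right, "?") in triplet

def rule_applies(rule, user, obj, right):
    who, which = rule["who"], rule["which"]
    user_ok = (who == "*" or who == f"#{user['uid']}"
               or (who[0] == "@" and int(who[1:]) in user["gids"]))
    obj_ok = (which == "*" or which == f"#{obj['id']}"
              or which == f"@{obj['gid']}" or which == f"%{obj.get('cluster')}")
    return user_ok and obj_ok and obj["type"] in rule["types"] and right in rule["rights"]

def authorize(user, obj, right, rules):
    """Return (allowed, reasons). Assumption: any single grant is sufficient."""
    reasons = ["permission bits"] if bits_allow(user, obj, right) else []
    reasons += [r["text"] for r in map(parse_rule, rules)
                if rule_applies(r, user, obj, right)]
    return bool(reasons), reasons

# VNET 10 as shown by `onevnet show 10`: owned by oneadmin (uid 0, gid 0), um- --- ---
VNET_10 = {"type": "NET", "id": 10, "uid": 0, "gid": 0, "perms": ("um-", "---", "---")}
ALICE = {"uid": 5, "gids": {1}}  # constructed non-admin user; gid 1 assumed to be "users"
# Constructed rules; the second is the kind of group-wide grant the reply suspects.
RULES = ["@1 VM+IMAGE+TEMPLATE/* CREATE", "@1 DATASTORE+NET/* USE"]

if __name__ == "__main__":
    print(authorize(ALICE, VNET_10, "USE", RULES))      # granted by the ACL rule
    print(authorize(ALICE, VNET_10, "USE", RULES[:1]))  # denied once that rule is gone
```

<div>The reasons list names the rule responsible for a grant, which is the rule to look for in the real ACL list when a network with restrictive permission bits is still usable by other users.</div>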