<div dir="ltr">Hi Vincent,<div><br></div><div>Actually, if the users can see the vnet, they can also request an IP. This is because the same permission USE is needed for both actions.</div><div><br></div><div>In the end, the permissions are set with the resource's chmod, or an ACL rule [1].</div><div>It may be that the vnet is in a cluster assigned to the group as a resource provider [2]. Internally, this creates an ACL rule that grants USE over all the vnets of that cluster.</div><div><br></div><div>If you need a clarification for your specific setup, please copy the outputs of onegroup show, onevnet show, and oneacl list.</div><div><br></div><div>Regards.</div><div><br></div><div>[1] <a href="http://docs.opennebula.org/4.8/administration/users_and_groups/chmod.html">http://docs.opennebula.org/4.8/administration/users_and_groups/chmod.html</a></div><div>[2] <a href="http://docs.opennebula.org/4.8/administration/users_and_groups/manage_groups.html#managing-vdc-and-resource-providers">http://docs.opennebula.org/4.8/administration/users_and_groups/manage_groups.html#managing-vdc-and-resource-providers</a><br><div><br></div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr">--<br><div>Carlos MartÃn, MSc<br>Project Engineer</div><div>OpenNebula - Flexible Enterprise Cloud Made Simple<br><div><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:cmartin@opennebula.org" target="_blank">cmartin@opennebula.org</a> | <a href="http://twitter.com/opennebula" target="_blank">@OpenNebula</a></span><span style="border-collapse:collapse;color:rgb(136,136,136);font-family:arial,sans-serif;font-size:13px"><a href="mailto:cmartin@opennebula.org" style="color:rgb(42,93,176)" target="_blank"></a></span></div></div></div></div>
<br><div class="gmail_quote">On Wed, Sep 10, 2014 at 4:15 PM, <span dir="ltr"><<a href="mailto:vincent@vanderkussen.org" target="_blank">vincent@vanderkussen.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I'm finalizing our ONE setup and I'm now busy putting all users<br>
in groups so they can only access the things they need access to.<br>
<br>
One thing I find a bit strange is that users can see networks they<br>
have no acccess to. As I see it now, each user must know what vnet<br>
has access to before he can make a choice. It would be nice to have<br>
a way to hide networks you can't use anyway.<br>
<br>
Or maybe I'm just looking over it.. :-)<br>
<br>
Regards,<br>
Vincent<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/<u></u>listinfo.cgi/users-opennebula.<u></u>org</a><br>
</blockquote></div><br></div>