Group ACL Permissions for Deploying VM

Evening,

I have a small question/issue. I’m trying to fine-tune a Group ACL. All works fine, except when it comes to a user within the group attempting to create a VM, it never deploys. I have to go in as oneadmin and Deploy the VM to a node by selecting a host.

How can I rectify this so VM deployment by an unprivileged user tied to this Group can deploy their own VM without outside intervention? I’m assuming there needs to be an ACL change, possibly dealing with HOSTS.

Below is a screenshot of my ACL page. The Group in question is regular_users.

Exactly, you need to assign the group usage rights for some hosts. Maybe you can take a look at the VDCs. This is basically a group + virtual infrastructure:

http://docs.opennebula.org/5.4/operation/users_groups_management/manage_vdcs.html

I thought the ID#35 where I gave USE rights to all HOSTS would be proper rights. In my previous ACL setup, the Group had MANAGE rights for hosts and that worked. However, that seemed as if it was too high a permission, I could be wrong though.

Yes, you are right. To deploy a VM you need:

VM:ADMIN
HOST:MANAGE

A bit on the rationale behind this. USE grants list/show permissions on the host. Sometimes you do not want your regular users to actually see the underlying hosts. So we decouple MANAGE, which grants you deploy rights on the host, from listing/showing hosts. Finally, ADMIN lets you delete/update the host.
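The rights named in the reply above can be checked against a group's ACL rules before handing deployment to unprivileged users. This is an added example, not part of the original replies and not OpenNebula code: it parses rule strings in the form `oneacl create` accepts and reports which deploy rights are missing and whether HOST:ADMIN has been over-granted. The group ID 105 and the sample rules are constructed, and only rules that apply to all objects (`/*`) are counted; object ownership bits are ignored.

```python
import re

# Rights the thread says a deploy needs: VM:ADMIN and HOST:MANAGE.
DEPLOY_NEEDS = {"VM": "ADMIN", "HOST": "MANAGE"}

# "<subject> <RES+RES>/<target> <RIGHT+RIGHT>"; a trailing zone field is ignored.
RULE_RE = re.compile(r"^(\*|[#@]\d+)\s+([A-Z+]+)/(\*|[#@%]\d+)\s+([A-Z+]+)")


def parse_rule(text):
    """Split one ACL rule string into (subject, resources, target, rights)."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ACL rule: {text!r}")
    subject, resources, target, rights = m.groups()
    return subject, set(resources.split("+")), target, set(rights.split("+"))


def group_rights(rules, gid):
    """Rights per resource type granted to every member of group gid on all objects."""
    granted = {}
    for text in rules:
        subject, resources, target, rights = parse_rule(text)
        # Assumption: per-user (#id) rules and rules scoped to one object,
        # group or cluster are skipped, so the result is a lower bound.
        if subject not in ("*", f"@{gid}") or target != "*":
            continue
        for res in resources:
            granted.setdefault(res, set()).update(rights)
    return granted


def audit_deploy(rules, gid):
    """Return (missing deploy rights, rights beyond what deploying needs)."""
    granted = group_rights(rules, gid)
    missing = [f"{res}:{right}" for res, right in DEPLOY_NEEDS.items()
               if right not in granted.get(res, set())]
    # ADMIN on hosts allows delete/update, which deploying does not require.
    excess = ["HOST:ADMIN"] if "ADMIN" in granted.get("HOST", set()) else []
    return missing, excess


# Constructed sample rules; group ID 105 is hypothetical.
BEFORE = ["@105 VM/* ADMIN", "@105 HOST/* USE"]
AFTER = ["@105 VM/* ADMIN", "@105 HOST/* MANAGE"]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_deploy(rules, 105))
```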

I tested it, but the “add vm” in cloudview is missing anyway for all users.