Hello,
I’m getting some authorization errors when a user tries to create a new instance. This user has no an user ACL, but his group (TEST) has the following ACLs:
create Virtual Machines (all zones)
use Datastores (OpenNebula zone)
use Virtual Networks (OpenNebula zone)
manage Hosts (OpenNebula zone)
With this ACL (applied to the group and, of course, to each member of the group), user “test” can’t create a new instance. System returns error: “Not authorized to perform CREATE TEMPLATE”. However, user “test” can create a new template choosing that option in the menu option.
Where is the problem? What ACL user “test” needs for creating instances and not creating new templates?
In my environment, there are several “normal” users that MUST use templates I have created, configured and fixed in HW values and I need that nobody could create a new template and increase CPUs or RAM GB in his template.
Thanks.