cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fernando Alvarez <lugano...@gmail.com>
Subject Re: Create new role Domain Admin + VR Access
Date Fri, 22 Nov 2019 00:11:55 GMT
Hi Daan,

Thank you for you quick response and sorry for this late reply.
The answer to your question is yes, I woud like to give an extra UI access
to "virtual appliance" flap but I was not sure if it was a permission
setting issue or somethings else (thanks for clarifying it to me).
On the other hand, I don't know where to start in order to make that tab
visible only to certain user that I want (Contributions are Welcome!)

Thank you so much.

Fernando.

El mar., 19 nov. 2019 a las 14:15, Daan Hoogland (<daan.hoogland@gmail.com>)
escribiĆ³:

> Fernando,
> Do you mean you want to give extra UI access or just the API? As you showed
> the API access is the same already, but that does not change the UI and
> shows extra tabs or so, You'll need to hack the javascript to have tabs
> hidden or visible other than the defaults. (also I'd say upgrade from 4.9
> if you can)
>
> On Sun, Nov 17, 2019 at 8:54 PM Fernando Alvarez <luganofer@gmail.com>
> wrote:
>
> > Hi everyone,
> >
> > I need to create a new role like Domain Admin role plus access to
> "virtual
> > appliance" flap in network domain menu.
> > No access to "Infrastructure" and "Global Settings" (is for level 2
> support
> > area).
> > I tried comparing the list of permissions of the "Domain Admin" and
> > "Resource Admin" role related to the virtual router but I can't find a
> > difference between them:
> >
> > (Arsat-Prod) šŸµ > list rolepermissions | grep -i router
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c4b6d38-8ba3-11e7-b03c-7e6885eea84b,changeServiceForRouter,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c32696d-8ba3-11e7-b03c-7e6885eea84b,changeServiceForRouter,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c4bb89f-8ba3-11e7-b03c-7e6885eea84b,configureVirtualRouterElement,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c32d222-8ba3-11e7-b03c-7e6885eea84b,configureVirtualRouterElement,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c4f4f0b-8ba3-11e7-b03c-7e6885eea84b,createVirtualRouterElement,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c36c75f-8ba3-11e7-b03c-7e6885eea84b,createVirtualRouterElement,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c537adc-8ba3-11e7-b03c-7e6885eea84b,destroyRouter,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c3b0202-8ba3-11e7-b03c-7e6885eea84b,destroyRouter,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c5a308f-8ba3-11e7-b03c-7e6885eea84b,listRouters,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c41f14c-8ba3-11e7-b03c-7e6885eea84b,listRouters,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c5b7a4a-8ba3-11e7-b03c-7e6885eea84b,listVirtualRouterElements,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c439b01-8ba3-11e7-b03c-7e6885eea84b,listVirtualRouterElements,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c5cca93-8ba3-11e7-b03c-7e6885eea84b,rebootRouter,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c44f5d3-8ba3-11e7-b03c-7e6885eea84b,rebootRouter,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c5e7590-8ba3-11e7-b03c-7e6885eea84b,startRouter,allow
> > Domain
> >
> >
> Admin,bdb84ac5-8b90-11e7-b03c-7e6885eea84b,0c5e96a1-8ba3-11e7-b03c-7e6885eea84b,stopRouter,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c46c127-8ba3-11e7-b03c-7e6885eea84b,startRouter,allow
> > Resource
> >
> >
> Admin,bdb82cbb-8b90-11e7-b03c-7e6885eea84b,0c46e5a0-8ba3-11e7-b03c-7e6885eea84b,stopRouter,allow
> >
> > Currently I'm usign cloudstack 4.9.3.1.
> >
> > It's possible to create this new role?
> >
> > Thanks in advance.
> >
> > --
> > Fernando.
> >
>
>
> --
> Daan
>


-- 
Fernando Alvarez.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message