You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Sangeetha Hariharan (JIRA)" <ji...@apache.org> on 2014/05/06 01:06:14 UTC

[jira] [Created] (CLOUDSTACK-6581) IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account.

Sangeetha Hariharan created CLOUDSTACK-6581:
-----------------------------------------------

             Summary: IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account.
                 Key: CLOUDSTACK-6581
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6581
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: IAM
    Affects Versions: 4.4.0
         Environment: Build from 4.4
            Reporter: Sangeetha Hariharan
            Priority: Critical
             Fix For: 4.4.0


IAM - Shared Network -Root Admin user is allowed to deploy VM in a shared network that is scoped for a specific domain/account.

Steps to reproduce the problem:

Create a admin account for "ROOT" domain.
Create a domain d1 with account a1.

Create a shared network for domain d1 with sub domain access set to true.
Create a shared network for domain d1 with sub domain access set to false.
Create a shared network for account a1 d1 with sub domain access set to false.

As ROOT admin , try to deploy a VM in the above created shared networks.
Vm deployment succeeds.

Expected Result:

ROOT admin should not be allowed to deploy VMs in shared networks that are scoped for a specific domain/account.




--
This message was sent by Atlassian JIRA
(v6.2#6252)