You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/07/29 07:51:17 UTC

[GitHub] [cloudstack] gaaray2k opened a new issue #4227: confused aboutUser Permission

gaaray2k opened a new issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227

I am a little confused as to how user accounts work on CS. right now I have an account called A which is domain admin in domain lab.com . if I add another user in account A, it gets the same "domain admin" permission. if I want to create another user with the "user" role, I would have to create another account with the "user" role under the same domain, but the new account would get difference resource count.

how do I setup a domain as follow?
if I have a customer call acme.com buying resources, I would create a domain called acme.com, then I would create an account called peter which is going to be an admin on that domain. then peter can create users that would get the "user" role under the same domain. resources consumed by a regular user need to counted from the sources available in the whole "account".

please dont bother sending me the link to CS docs. I already read it a 1000 and still dont get it.

apologized if I am not being clear as to what I am lookig for. the way CS implemented the user permission model is very confusing in my opinion.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] gaaray2k edited a comment on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

gaaray2k edited a comment on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666009711


   This is what I mean. There is no role option when creating a user. The role option is just for accounts. Every user under the same account will have the same role. 
   
   ![Screenshot_20200729-205200](https://user-images.githubusercontent.com/67025242/88868202-835b5580-d1dd-11ea-88e4-fe5b6adbdcb3.png)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

andrijapanicsb commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666213747


   user doesn't have a role.
   Account does.
   
   As I said - observe user as just a username/password (login credentials) for the same account - multiple users in the same account, when they log in, they all "become" this single account


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb edited a comment on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

andrijapanicsb edited a comment on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-665799984






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

andrijapanicsb commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-665799984

@gaaray2k the correct place for QUESTIONS is the mailing list - you'll get better help there.

- USER = just username/password (or API/SECRET key) combination to become an ACCOUNT - i.e. once you log in with your credentials, you "become" an ACCOUNT - and everything you do / all resources created belong to this ACCOUNT.
-
- ACCOUNT = owner of all resources, with optionally limits on a per-account basis.
- DOMAIN ADMIN ACCOUNT = same as regular user-role ACCOUNT, but can see/manage all resources (including those of other ACCOUNTS) in his own domain. Resources can also be limited on a per-domain basis (but keep in mind that sum of all resources for all accounts in a domain, can not be more than the limits set on a domain level)....
- USER ACCOUNT - well, same as the domain account. but it has the user role - so can only create/manage his own resoruces (VMs, volumes, networks etc)

Does that gives you enough info?

In your case, inside your acme.com domain, you would create a DOMAIN ADMIN ACCOUNT called "peter" (i.e. an account with a "domain admin" role, not "user" role). Here, also a "user" (user/password) called "peter" will be automatically created for you DOMAIN ADMIN ACCOUNT named 'peter"... this is perhaps what confuses you (so there is account peter and automatically created user peter for that account)

Your DOMAIN ADMIN "peter" would then usually create ACCOUNTS of the "user" role (that will automatically create a "user" (user/password) for that account

Hope that makes sense.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland closed issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

DaanHoogland closed issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

DaanHoogland commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-773894086


   > How can I add a domain admin if the domain doesn't show up in the list?
   
   @gaaray2k above I read that you added a user walvarez as domain admin so I am assuming some messages got crossed and this is answerred.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

DaanHoogland commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-665793646


   @gaaray2k I think your question makes sense, even when not understanding it completely; you want the resource count to be on domain level, or shared over the domain admin and the regular user account, do you?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

DaanHoogland commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-773894086


   > How can I add a domain admin if the domain doesn't show up in the list?
   
   @gaaray2k above I read that you added a user walvarez as domain admin so I am assuming some messages got crossed and this is answerred.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] gaaray2k commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

gaaray2k commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666266892


   Then there is no way to have many users with different roles under the same account sharing resources.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

andrijapanicsb commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666323552

Correct. For resource sharing – you would probably want to use Projects – each resource created IN the Project (by any account joined to the project) will belong to the project (not the account) – and here you can share resources by simply adding more accounts (participants) to the project.

From: gaaray2k <no...@github.com>
Sent: Thursday, July 30, 2020 11:49 AM
To: apache/cloudstack <cl...@noreply.github.com>
Cc: Andrija Panic <an...@shapeblue.com>; Comment <co...@noreply.github.com>
Subject: Re: [apache/cloudstack] confused about User Permission (#4227)

Then there is no way to have many users with different roles under the same account sharing resources.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<https://github.com/apache/cloudstack/issues/4227#issuecomment-666266892>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AK5EN3KAYPU2U6VRHRV4EKLR6E6YVANCNFSM4PKZDX3Q>.

Andrija Panic
Cloud Architect
s: +44 20 3603 0540 | m: +381 69 272 3690
e: andrija.panic@shapeblue.com | w: www.shapeblue.com | t: @shapeblue
a: 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK

Shape Blue Ltd is a company incorporated in England &amp; Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.

Find out more about ShapeBlue and our range of CloudStack related services:
IaaS Cloud Design &amp; Build | CSForge - rapid IaaS deployment framework
CloudStack Consulting | CloudStack Software Engineering
CloudStack Infrastructure Support | CloudStack Bootcamp Training Courses

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] gaaray2k commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

gaaray2k commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666583271


   here is another situation.
   
   from the root domain, I created a domain called lab.com which have user walvarez (domain admin). I logged in as walvarez and created another domain called test.com. my userstanding is that lab.com would be a reseller and test.com would be a customer of lab.com. the problem is that when I try to create an account for test.com, the domain test.com doesnt show up in the list  and it doesnt even let me pick a domain at all. it seems like a bug to me. it does this on both the lagacy UI and primate.
   
   ![Capture](https://user-images.githubusercontent.com/67025242/88959714-6f146880-d270-11ea-8dd2-b790c8209e62.PNG)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

andrijapanicsb commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666974559

You can’t add a user-role in an empty domain, until you add the domain-admin , afaik.

Further more, for the reseller model, I would suggest one domain/domain-admin account should be one reseller, then regular user-role accounts inside this same domain would be it’s customers. This way reseler (domain admin account) can manage its customer resoruces (user-role account create resoruces).

For another reseller, create another domain and domain-admin role account etc.

From: gaaray2k <no...@github.com>
Sent: Thursday, July 30, 2020 8:27 PM
To: apache/cloudstack <cl...@noreply.github.com>
Cc: Andrija Panic <an...@shapeblue.com>; Comment <co...@noreply.github.com>
Subject: Re: [apache/cloudstack] confused about User Permission (#4227)

here is another situation.

from the root domain, I created a domain called lab.com which have user walvarez (domain admin). I logged in as walvarez and created another domain called test.com. my userstanding is that lab.com would be a reseller and test.com would be a customer of lab.com. the problem is that when I try to create an account for test.com, the domain test.com doesnt show up in the list and it doesnt even let me pick a domain at all. it seems like a bug to me. it does this on both the lagacy UI and primate.

[Capture]<https://user-images.githubusercontent.com/67025242/88959714-6f146880-d270-11ea-8dd2-b790c8209e62.PNG>

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<https://github.com/apache/cloudstack/issues/4227#issuecomment-666583271>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AK5EN3ON2XJLNWWE27XU2H3R6G3QNANCNFSM4PKZDX3Q>.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

DaanHoogland commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-769676656


   @gaaray2k this question is stale as well, Are you still on it?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] gaaray2k commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

gaaray2k commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-667026804


   How can I add a domain admin if the domain doesn't show up in the list?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] gaaray2k edited a comment on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

gaaray2k edited a comment on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-666583271


   here is another situation.
   
   from the root domain, I created a domain called lab.com which have user walvarez (domain admin). I logged in as walvarez and created another domain called test.com. my userstanding is that lab.com would be a reseller and test.com would be a customer of lab.com. the problem is that when I try to create an account for test.com, the domain test.com doesnt show up in the list  and it doesnt even let me pick a domain at all. it seems like a bug to me. it does this on both the lagacy UI and primate. the workarround is to create the user for test.com from the root domain. but I dont think that is what people would want. I would want a reseller to be able to create accounts themselves.
   
   ![Capture](https://user-images.githubusercontent.com/67025242/88959714-6f146880-d270-11ea-8dd2-b790c8209e62.PNG)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] gaaray2k commented on issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

gaaray2k commented on issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227#issuecomment-665840739






----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland closed issue #4227: confused about User Permission

Posted by GitBox <gi...@apache.org>.

DaanHoogland closed issue #4227:
URL: https://github.com/apache/cloudstack/issues/4227


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org