Manage default ACLs
See original GitHub issueEnhancement Request
Description
When new group is created this ACLs is applied by default:
1084 @580 -H--------------- * -m-- #0
1085 @580 --N----D--------- * u--- #0
And there is no way for override this behavior, even if you do this with one.group.allocate
method through XML-RPC API.
Use case
I use groups for manage quotas first and foremost, so I have a lot of groups. But even more groups I have ACL rules, because when new group is created, two new ACLs was added.
For example: I don’t need Datastore and Network permisions by default that creates by default when group is created.
I want to set access for selected datastores manually, by chmod
permisions of resource.
But for now, I need remove all default acl’s after group is created.
Interface Changes
I think there is can be some option in oned.conf
file for disable or override default ACLs
Another way add third optional parameter (type: boolean) to one.group.allocate
method for disable new ACLs when group creating.
In second case we also need additional key in CLI chekbox in Sunstone, when group is creating
Progress Status
- Branch created
- Code committed to development branch
- Testing - QA
- Documentation
- Release notes - resolved issues, compatibility, known issues
- Code committed to upstream release/hotfix branches
- Documentation committed to upstream release/hotfix branches
Issue Analytics
- State:
- Created 6 years ago
- Reactions:2
- Comments:5 (3 by maintainers)
Top GitHub Comments
This seems to be already implemented as discussed here: https://forum.opennebula.org/t/overriding-default-acls/5468/4
This issue can be closed, now default permissions can be set via oned.conf: