I am not sure if there is any documentation around for this, but I think you 
will need to proceed in a similar fashion to what I suggested for the createAccount API. 
Or you can use another account type, RESOURCE_DOMAIN_ADMIN, which has permissions 
to do this. More info @ 
http://confluence.cloudstack.org/display/gen/Resource+Domain+Admin 

Also, FYI, I think there was discussion/work planned to make ACL more fine 
grained in future releases as well, but I suggest you state your use 
case so that it can be kept in mind while designing it.

Thanks,
-Nitin

-----Original Message-----
From: sx chen [mailto:cloudchen0...@gmail.com] 
Sent: Tuesday, September 18, 2012 2:56 PM
To: cloudstack-dev@incubator.apache.org
Subject: Re: How to make Domain Admin having the right adding account?

Certainly I want to authorize domain admin to use the APIs createAccount, 
deleteAccount, updateAccount, createUser, deleteUser and updateUser within its 
domain as well. I also want to disable the user from attaching storage and let the 
domain admin do this.

So, is there a document about this? Or any suggestion?



2012/9/18 Nitin Mehta <nitin.me...@citrix.com>

> Change the bitmap in the file commands.properties.in to 7 to allow 
> domain admin to execute this api (change 3 to 7).
> createAccount=com.cloud.api.commands.CreateAccountCmd;3
>
> You then might have to go into the CreateAccountCmd implementation and 
> check if there is some ACL restricting domain admin from using this API as 
> well.
>
> But do you want to authorize domain admin only to use this API, or 
> other account/user APIs like deleteAccount, updateAccount, createUser, 
> deleteUser and updateUser as well?
>
> Thanks,
> -Nitin
>
> -----Original Message-----
> From: sx chen [mailto:cloudchen0...@gmail.com]
> Sent: Tuesday, September 18, 2012 12:58 PM
> To: cloudstack-us...@incubator.apache.org
> Subject: How to make Domain Admin having the right adding account?
>
> Hi, all
>      I'm a CloudStack API developer. I want to know how to make Domain 
> Admin have the right to add an account.
> We know that only the root user has the right to execute the createAccount 
> API, so what should I do?
>

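An added example, not part of the thread or of CloudStack's code: a small audit of a `commands.properties`-style file that decodes each role bitmap and reports which of the account/user APIs named above are callable by roles other than root admin, so a change such as 3 to 7 can be reviewed before deployment. The bit values (1 = ADMIN, 2 = RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER) are assumed from the header comment of CloudStack's `commands.properties`; the function names and the sample file are constructed for illustration.

```python
# Added example: audit role bitmaps in a commands.properties-style file.
# Assumption: bit values as documented in the header of CloudStack's
# commands.properties (1=ADMIN, 2=RESOURCE_DOMAIN_ADMIN, 4=DOMAIN_ADMIN, 8=USER).
ROLE_BITS = {1: "ADMIN", 2: "RESOURCE_DOMAIN_ADMIN", 4: "DOMAIN_ADMIN", 8: "USER"}

# Account/user management APIs named in the thread.
SENSITIVE = {"createAccount", "deleteAccount", "updateAccount",
             "createUser", "deleteUser", "updateUser"}

def parse_commands(text):
    """Return {api_name: (class_name, mask)} for each 'name=class;mask' line."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        name, sep, rest = line.partition("=")
        cls, sep2, mask = rest.rpartition(";")
        if not sep or not sep2 or not mask.strip().isdigit():
            raise ValueError(f"line {lineno}: expected name=class;mask, got {raw!r}")
        entries[name.strip()] = (cls.strip(), int(mask))
    return entries

def roles_for(mask):
    """Decode a bitmap into the list of role names it grants."""
    return [role for bit, role in sorted(ROLE_BITS.items()) if mask & bit]

def sensitive_beyond_root(entries, allowed_mask=1):
    """Sensitive APIs granted to any role outside allowed_mask (default: root only)."""
    return {name: roles_for(mask & ~allowed_mask)
            for name, (_, mask) in sorted(entries.items())
            if name in SENSITIVE and mask & ~allowed_mask}

# Constructed sample: the createAccount line from the thread after the 3 -> 7
# change, plus two further lines whose class names and masks are illustrative.
SAMPLE = """\
# constructed sample
createAccount=com.cloud.api.commands.CreateAccountCmd;7
deleteAccount=com.cloud.api.commands.DeleteAccountCmd;3
listAccounts=com.cloud.api.commands.ListAccountsCmd;15
"""

if __name__ == "__main__":
    for api, roles in sensitive_beyond_root(parse_commands(SAMPLE)).items():
        print(f"{api}: also callable by {', '.join(roles)}")
```

As the reply notes, the bitmap is only the first gate: the command implementation may apply its own ACL, so the domain scoping inside each `*Cmd` class still has to be reviewed separately.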