Hello, Devs. This is related to basic zone with SGs and ACS 4.10.
I created ROOT/user1 domain and user1 account of role DomainAdmin for that domain respectively. In ROOT domain I have default network as usual and several templates. But, domain admin unable to view details for those templates and listNetworks. Cloudstack states: Acct[162b26e6-052a-43bb-9116-acb7555b6d7d-user1] does not have permission to operate within domain id=6764b1a8-c69b-11e7-bdcf-0242ac110004 The similar result is for Acct[162b26e6-052a-43bb-9116-acb7555b6d7d-user1] does not have permission to operate within domain id=6764b1a8-c69b-11e7-bdcf-0242ac110004 listNetworks API. Please, could you comment if it's expected behaviour or not? Anyway with that bug creation of VM is impossible inside of domains via UI because of security notice which leads to inability to select SG. 2017-12-07 14:38:30,518 DEBUG [c.c.a.ApiServlet] (catalina-exec-1:ctx-014419b8) (logid:a4a3658e) ===START=== 91.221.61.126 -- GET command=listNetworks&trafficType=Guest&zoneId=d477bb3f-3592-4503-8f2a-da3d878dd476&response=json&_=1512632310523 2017-12-07 14:38:30,530 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-1:ctx-014419b8 ctx-9e325b66) (logid:a4a3658e) Ignoring paremeter displaynetwork as the caller is not authorized to pass it in 2017-12-07 14:38:30,532 DEBUG [o.a.c.a.BaseCmd] (catalina-exec-1:ctx-014419b8 ctx-9e325b66) (logid:a4a3658e) Ignoring paremeter displaynetwork as the caller is not authorized to pass it in I also checked dynamic role config for domain admin. Everything is OK. listNetworks is allowed, but I believe it's related to self-owned objects. -- With best regards, Ivan Kudryavtsev Bitworks Software, Ltd. Cell: +7-923-414-1515 WWW: http://bitworks.software/ <http://bw-sw.com/>
