Hi Vincent, Actually, if the users can see the vnet, they can also request an IP. This is because the same permission USE is needed for both actions.
In the end, the permissions are set with the resource's chmod, or an ACL rule [1]. It may be that the vnet is in a cluster assigned to the group as a resource provider [2]. Internally, this creates an ACL rule that grants USE over all the vnets of that cluster. If you need a clarification for your specific setup, please copy the outputs of onegroup show, onevnet show, and oneacl list. Regards. [1] http://docs.opennebula.org/4.8/administration/users_and_groups/chmod.html [2] http://docs.opennebula.org/4.8/administration/users_and_groups/manage_groups.html#managing-vdc-and-resource-providers -- Carlos Martín, MSc Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula <http://twitter.com/opennebula> <cmar...@opennebula.org> On Wed, Sep 10, 2014 at 4:15 PM, <vinc...@vanderkussen.org> wrote: > Hi, > > I'm finalizing our ONE setup and I'm now busy putting all users > in groups so they can only access the things they need access to. > > One thing I find a bit strange is that users can see networks they > have no acccess to. As I see it now, each user must know what vnet > has access to before he can make a choice. It would be nice to have > a way to hide networks you can't use anyway. > > Or maybe I'm just looking over it.. :-) > > Regards, > Vincent > _______________________________________________ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >
_______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
