cloudstack icon indicating copy to clipboard operation
cloudstack copied to clipboard

Published 20 hours ago verified publisher icon apache

Root admin not allowed to deploy in a VPC belonging to account in a non-ROOT domain

Open rohityadavcloud opened this issue 3 years ago • 0 comments

Root admin not allowed to deploy in a VPC belonging to account in a non-ROOT domain.

Steps to reproduce:

  • Create a domain D1 under ROOT domain
  • Create an account T1 in D1
  • Login as T1 user, create a VPC, a VPC tier, and deploy a VM on it
  • Logout, Login as a root admin
  • Deploy a VM in the VPC tier (it won't show the tier in UI, nor allow in API) (however, root admin was found to be able to create a new VPC tier in the VPC owned by T1 user)

Error seen in API:

deploy virtualmachine serviceofferingid=1bcaaebd-a6c6-4363-949e-77d00502992f templateid=711ee0f1-297f-41fe-9610-e2c93c00c0d2 zoneid=f992179a-4f24-4d22-9033-685b5af67214 networkids=b518afc5-0c2a-4a0b-a225-fcdee0b40f11 name=test123 🙈 Error: (HTTP 531, error code 4365) Unable to use network with id= b518afc5-0c2a-4a0b-a225-fcdee0b40f11, permission denied

ISSUE TYPE
  • Bug Report
COMPONENT NAME
VPC
CLOUDSTACK VERSION
4.16, 4.17
CONFIGURATION

Advance zone, KVM

rohityadavcloud avatar Sep 21 '22 06:09 rohityadavcloud