non-Private Templates and Power User Portal

Latest response

 

When creating a template, you are given an option about whether or not to make the template private.

 

If you choose not to make your template private, then Everyone is added to the user list in the Permissions tab with a role of UserTemplateBasedVM.

 

It seems that users having the UserBasedTemplateVM role are allowed to access to the Power User Portal. 

 

So, creating a non-Private template gives all users access to the PowerUserPortal.

Responses

it shouldn't be a security issue, since the user can't take any actions 
because of this, just see the power user portal ui.

 

we show the power-user portal to any user that has permission to do something other than run/stop/connect to VM. If there is a public template in the setup, it means that this template is associated with a permission on Everyone to create a VM from that template. That makes everyone "power-users" automatically.

 

I'll file a bug to better address this behavior