API: Problems creating virtual machines with a non-admin user

Latest response

I am running in to a problem using the REST API as a non-admin user.  The user has been granted the VmCreator and DiskCreator roles at the system level but when I try to create a virtual machine I receive the error "query execution failed due to insufficient permissions".  I am running RHEV 3.1.0-50 and this is a brand new install.  I can successfully create a virtual machine if I assign the superuser role to the user but I know in past installations of RHEV I have been able to create virtual machines with just the VmCreator role assigned.

I'm following the steps outlined here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Developer_Guide/sect-REST_API_Guide-Example-Create_VM.html

As a side note, I am able to successfully create floating disks with this same user account following the steps here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Developer_Guide/chap-REST_API_Guide-Floating_Disks.html

I see the following in /var/log/ovirt-engine/server.log when trying to create a virtual machine:

2013-03-22 06:30:17,486 WARN  [org.jboss.resteasy.core.SynchronousDispatcher] (ajp-/127.0.0.1:8702-4) failed to execute: org.
ovirt.engine.api.restapi.resource.BaseBackendResource$WebFaultException

Responses

Hi Anthony,

Can you verify that you have added the user with the VmCreator role to a specific data center or cluster. When applying this role to a cluster, you must also apply the DiskCreator role on an entire data center, or on specific storage domains ?  Also as a test can you log into the UserPortal with that user and create a virtual machine ?

Thanks

Josh Carter

Josh,

Thanks for responding.  I am able to create a virtual machine from the UserPortal with the non-admin user.  The user has been given the VmCreator and DiskCreator roles.

Thanks,
Tony

Anthony, 

Are you assigning the roles for the user at the datacenter level or the cluster level? Also if you assign the datacenter admin role to the user does your api script work ? 

-Josh

Josh,

I'm assigning the role at the system level by selecting "Configure" at the top of the RHEV-M screen and then adding roles under "System Permissions".  To answer your other question, yes the user can create VMs if assigned the DataCenterAdmin role.  I tried upgrading to the RHEV 3.2 beta to see if the issue was fixed but it still exists.  I'm now running RHEV 3.2.0-10.14.beta1.

Tony