cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristoffer Sheather - Cloud Central" <kristoffer.sheat...@cloudcentral.com.au>
Subject Re: Users of type 'User' and 'Domain-Admin' cannot update their own passwords / account details / create sub-domains
Date Wed, 31 Oct 2012 21:41:44 GMT
So how does a user reset their own password?  We need to enable users to 
reset their own passwords without our involvement.

Consider the service provider use case, we need to delegate things like 
resetting user passwords to the account holders themselves.

We also need to allow Domain-Admin's to be able to create additional 
accounts and sub-domains within their domain.  This caters for the 
'multi-level' reseller use case.

----------------------------------------
 From: "Alena Prokharchyk" <Alena.Prokharchyk@citrix.com>
Sent: Thursday, November 01, 2012 3:55 AM
To: "cloudstack-users@incubator.apache.org" 
<cloudstack-users@incubator.apache.org>, "kris@cloudcentral.com.au" 
<kris@cloudcentral.com.au>
Subject: Re: Users of type 'User' and 'Domain-Admin' cannot update their 
own passwords / account details / create sub-domains

On 10/31/12 4:01 AM, "Kristoffer Sheather - Cloud Central"
<kristoffer.sheather@cloudcentral.com.au> wrote:

>Not sure whether I'm going crazy or not, but I can't find a way for users
>with 'Domain-Admin' or 'User' roles to change their passwords, create
>sub-domains, etc.
>
>I can change them by logging in as the system administrator, but cannot
>change account passwords or create sub-domains if logged in as
>'Domain-Admin' for any account.
>
>This behaviour has been evident in my testing of CloudPlatform v3.0.4 and
>v3.0.5.  If anyone has any ideas please let me know.
>
>Regards,
>Kristoffer Sheather
>

Kristoffer,

It's by design.

Only Root admin can modify the domain structure (create/delete/update
subdomains) and add/remove/update accounts/users.

Domain admin can only enable/disable existing accounts/users in his
domain/subdomains.

Regular user can't perform any CRUD operations neither on other, nor on
his own account/domain.

-Alena.



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message