cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephan Seitz <s.se...@secretresearchfacility.com>
Subject problem assigning an instance to a different account in a different domain
Date Wed, 04 Nov 2015 14:59:44 GMT
Hi!

I'm trying to assign instances to a different account in a different
domain. Currently with no success.

The particular instances have been deployed by the initial "admin"
account in the ROOT domain, and should be assigned to a domain-admin
account.

id = 0d7a4ee7-5c6f-11e5-a590-3400a30d0aba <--- current domain
path = ROOT
================================================================================
id = 4298cfba-aa4d-4baa-8b0e-53e70d0ebbe5 <--- destination domain
path = ROOT/xxxx/yyyyyyyyyyy


id = 4b143f31-5c6f-11e5-a590-3400a30d0aba <-- current user in ROOT
account = admin
accountid = 4b14365a-5c6f-11e5-a590-3400a30d0aba
================================================================================
id = 54e79c7a-f3de-4b76-8c99-ffc18c555f5d <-- dest. user in dest. domain
account = zzz@yyyyyyyyyyyyyy
accountid = 76ec77a0-e0ca-459e-b211-eeacce52055c


With cloudmonkey (logged in as the admin in ROOT), I got following
result:

(local) 🐵 > assign virtualmachine
virtualmachineid=9b76aa5a-f97f-4bd0-8e9d-350816e42515
domainid=4298cfba-aa4d-4baa-8b0e-53e70d0ebbe5 account=zzz@yyyyyyyyyyyyyy
Error 530: Failed to move vm
Acct[76ec77a0-e0ca-459e-b211-eeacce52055c-zzz@yyyyyyyyyyyyyy] does not
have permission to operate within domain
id=0d7a4ee7-5c6f-11e5-a590-3400a30d0aba
cserrorcode = 9999
errorcode = 530
errortext = Failed to move vm
Acct[76ec77a0-e0ca-459e-b211-eeacce52055c-zzz@yyyyyyyyyyyyyy] does not
have permission to operate within domain
id=0d7a4ee7-5c6f-11e5-a590-3400a30d0aba


This looks like, the destination user, who is domain-admin of it's
domain needs to have access to the ROOT domain. I think this makes no
sense, since I wan't to assign the instance TO it.

Could someone please shed some light how to assign an instance to
another user in another domain?

Thanks in advance!

Stephan



Mime
View raw message