Comment 2 for bug 2019960
Revision history for this message
| Paolo E. Mazzon (pemazzon) wrote Re: Can't protect the "default" security group from regular users | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Hi, this is, in my opinion, the problem: "if you want to prevent a user from modifying the security group of other user". The default SG is not another user's SG: it's the SG you inherit - and that is 'forced' on your stuff - when you join a project (OK, you can duplicate it and remove the default one from your VMs...). Nothing wrong if this is managed by the project manager which, I think, is responsible for the shared resources but I see a problem when my VMs are working properly and suddenly they stop working because someone else - with no particular privileges - tamper with something they don't own exclusively. Other resources have the concept of "owner" attached (VMs, volumes, networks,...) so they can have their access regulated through policies, why can't security groups? By the way: this bug report stems from this post
https:/
where 2 different neutron developers agreed that the default SG is missing something and/or should be handled differently. (please note: with this I don't mean to force them into solving this :-D )