Background: CloudStack has the following accounts – root admin, root user, domain/sub-domain admin, domain/sub-domain user

Requirements:

-          A root admin must be able to change the ownership of any VM/network/datadisk/snapshot/template/ISO from one account to any other account

-          A domain/sub-domain admin must be able to change the ownership of any VM/network/datadisk/snapshot/template/ISO under his/her domain/subdomain from one account to any other account under his/her domain/subdomain

Use cases are as follows: admin creates on behalf of another user and then assigns it the user. In a traditional enterprise, regular user may go to a service desk portal, request a marketing campaign application to be deployed. The admin might create a one or more VMs, setup the app, and turn it over the Line of Business User - in this case, we don't want to see every VM be assigned to admins only - this will create issues with billing etc.

Another use case: a developer has a bunch of VMs and he leaves the team/company - but, the manager wants to retain those work VMs or reassign it to another developer.

What works today: Move a user VM to another user under same domain. i.e. Admin can create a VM and assign it to an Account as long as the account belongs to the same domain as admin.

What doesnt work: assume a hierarchy: ROOT/TestDomain/SubDomain.  Moving a VM created by user under TestDomain to another account under SubDomain

  • No labels