Vnet firewall edit permission

I have a user on my cluster that I want to give permission to edit their own vnet firewall rules. I created a separate SDN zone for them as I don’t see a way to give permissions on just a single vnet. I can give them permission to use that SDN zone, but I can’t find a way to give them access to the firewall rules…

Any suggestions would be greatly appreciated :)
 
Hi, could you please be a little more specific on your firewall setup? Which firewall software are you using? Is the firewall installed on every node?
 
> I created a separate SDN zone for them as I don’t see a way to give permissions on just a single vnet.

The single VNETs don't show up in the ACL tree when you create a new permission under Datacenter->Permissions, but if you go to the SDN zone in the tree view, you can select the individual VNET and then right next to it, give out permissions on that VNET.

I think this is what you want, right?
 
> The single VNETs don't show up in the ACL tree when you create a new permission under Datacenter->Permissions, but if you go to the SDN zone in the tree view, you can select the individual VNET and then right next to it, give out permissions on that VNET.
>
> I think this is what you want, right?

Ah, I think that’s exactly what I want! I’ll go back to my lab to test ;)

Thanks!
 
> The single VNETs don't show up in the ACL tree when you create a new permission under Datacenter->Permissions, but if you go to the SDN zone in the tree view, you can select the individual VNET and then right next to it, give out permissions on that VNET.
>
> I think this is what you want, right?

Sadly that didn't work. When I'm logged in as root I can see:

[Screenshot attachment: 1735856262724.png]

However I can't find a way to give someone access to Datacenter -> SDN -> VNet Firewall without making them administrator for the entire cluster. I just want to allow them to edit the firewall rules for one of the VNets.
 
I did try it myself, and it looks like that is currently not possible, as even if I allow SDN.Allocate to a user, they are not allowed to edit the vnet firewall. Could you please open a feature request in our bugtracker, outlining the use case to give users edit access to a vnet firewall?
 