XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Scheduled snapshots only visible to self-service user when they're an admin *

    Scheduled Pinned Locked Moved Xen Orchestra
    5 Posts 3 Posters 515 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      duxepu
      last edited by

      Hi,

      it seems to me that the only way a self-service user can interact with snapshots that were created via backup schedule is if I make that user an admin. Is that intended behavior, am I missing something obvious?

      • Using xo-server 5.74.1 with xo-web 5.77.0
      • Self-service resource set
        • Has sufficient CPU, RAM, storage capacity
        • Has access to pool, host, SR, network where snaps are happening
        • Is managed by group of which affected user is a member
      • User has role user
      • ACLs include
        • Admin rights on VM
        • Operator rights on pool, hypervisor, SR

      The user can take snapshots manually on their VM perfectly fine, they are then able to see these snapshots and interact with them, also delete them. They can, however, not see snapshots taken per schedule unless I change their role to admin.

      Is there any way around that?

      Thanks!

      pdoniasP 1 Reply Last reply Reply Quote 0
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        Question for @pdonias

        1 Reply Last reply Reply Quote 0
        • pdoniasP Offline
          pdonias Vates 🪐 XO Team @duxepu
          last edited by

          Hi @duxepu, no it's not intended. A Self Service user should be able to interact with all the VM's snapshots. Even delete them for now (we'll change that in the future for snapshots they didn't create themselves).
          What type of backup is it? Has the user been added to the Self Service before or after the backup was run?

          1 Reply Last reply Reply Quote 0
          • D Offline
            duxepu
            last edited by duxepu

            The snapshot job is of type Rolling Snapshot:

            • No advanced settings
            • VMs to backup
              • All statuses
              • In our pool
              • One tag selected
              • 5 VMs total are governed by this job
            • Schedule
              • 0 4 * * *
              • 9 snapshots retention
              • Enabled

            The user existed well before we started doing scheduled snapshots. I just created a new user, made them a member of our problematic user group and am seeing the same behavior as with original group members: snapshots via schedule are not visible unless I change a user's role to admin.

            Just to be on the absolute safe side though I did create a new backup schedule after creating my test user to check if order matters. Same result as before. Only difference in job config was that I chose a VM based on name instead of tag. Cron pattern was 27,28,29,30 18 * * * with 2 snapshots retention to get quick results. Snapshot were then visible for an admin but not for a user in the group that runs our resource pool.

            What's also interesting is that the user sees a snapshot count on affected VMs' Snapshots tab, the count being absolutely correct with 9 scheduled snapshots and one manual:
            Snapshot count without snapshots

            I'm not quite sure where the 10th snapshot came from. It's only visible to admin users. I already verified at the beginning that resource pool users can create their own snapshots perfectly fine and interact with them after creation. Since the 10th snapshot here is not visible I'm guessing it was created by means other than the backup schedule or a user in the resource pool. I created yet another snapshot with my own admin account just now that confirmed the theory: to a resource pool user my admin-created snapshot was counted but not visible.

            Just for fun I temporarily increased resource pool limits to see if those were affecting the situation. Looks like they weren't, behavior was unchanged.

            pdoniasP 1 Reply Last reply Reply Quote 0
            • pdoniasP Offline
              pdonias Vates 🪐 XO Team @duxepu
              last edited by

              @duxepu Ok, this is weird, I'm not able to reproduce that and I don't see how it's possible. Could you check a few things?

              • from an admin point of view, at the bottom of the VM's advanced tab, please check that the user has Admin ACLs on the VM
              • from the user's point of view, when you're on the snapshots tab, open the browser console (press F12 > Console tab) and check if there are any errors
              • do you have this issue with all the users of all your Self Service groups or is it more specific?

              Thanks!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post