<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} .ms-cui-menu {background-color:#ffffff;border:1px rgb(171, 171, 171) solid;font-family:'Segoe UI WPC','Segoe UI',Tahoma,'Microsoft Sans Serif',Verdana,sans-serif;font-size:10pt;color:rgb(51, 51, 51);} .ms-cui-menusection-title {display:none;} .ms-cui-ctl {vertical-align:text-top;text-decoration:none;color:rgb(51, 51, 51);} .ms-cui-ctl-on {background-color:rgb(223, 237, 250);opacity: 0.8;} .ms-cui-img-cont-float {display:inline-block;margin-top:2px} .ms-cui-smenu-inner {padding-top:0px;} .ms-owa-paste-option-icon {margin: 0px 6px 0px 6px;vertical-align:middle!important;padding-bottom: 2px;display:inline-block;} .ms-rtePasteFlyout-option:hover {background-color:rgb(223, 237, 250) !important;opacity:1 !important;} .ms-rtePasteFlyout-option {padding:8px 4px 8px 4px;outline:none;} .ms-cui-menusection {float:left; width:85px;height:24px;overflow:hidden}.wf {speak:none; font-weight:normal; font-variant:normal; text-transform:none; -webkit-font-smoothing:antialiased; vertical-align:middle; display:inline-block;}.wf-family-owa {font-family:'o365Icons'}@font-face { font-family:'o365IconsIE8'; src:url('https://r4.res.outlook.com/owa/prem/16.0.277.8/resources/styles/office365icons.ie8.eot?#iefix') format('embedded-opentype'), url('https://r4.res.outlook.com/owa/prem/16.0.277.8/resources/styles/office365icons.ie8.woff') format('woff'), url('https://r4.res.outlook.com/owa/prem/16.0.277.8/resources/styles/office365icons.ie8.ttf') format('truetype'); font-weight:normal; font-style:normal;}@font-face { font-family:'o365IconsMouse'; src:url('https://r4.res.outlook.com/owa/prem/16.0.277.8/resources/styles/office365icons.mouse.eot?#iefix') format('embedded-opentype'), url('https://r4.res.outlook.com/owa/prem/16.0.277.8/resources/styles/office365icons.mouse.woff') format('woff'), url('https://r4.res.outlook.com/owa/prem/16.0.277.8/resources/styles/office365icons.mouse.ttf') format('truetype'); font-weight:normal; font-style:normal;}.wf-family-owa {font-family:'o365IconsMouse'}.ie8 .wf-family-owa {font-family:'o365IconsIE8'}.ie8 .wf-owa-play-large:before {content:'\e254';}.notIE8 .wf-owa-play-large:before {content:'\e054';}.ie8 .wf-owa-play-large {color:#FFFFFF/*$WFWhiteColor*/;}.notIE8 .wf-owa-play-large {border-color:#FFFFFF/*$WFWhiteColor*/; width:1.4em; height:1.4em; border-width:.1em; border-style:solid; border-radius:.8em; text-align:center; box-sizing:border-box; -moz-box-sizing:border-box; padding:0.1em; color:#FFFFFF/*$WFWhiteColor*/;}.ie8 .wf-size-play-large {width:40px; height:40px; font-size:30px}.notIE8 .wf-size-play-large {width:40px; height:40px; font-size:30px}.notIE8 .wf-owa-triangle-down-small:before {content:'\e052';}.ie8 .wf-owa-triangle-down-small:before { content:'\e052';}.ie8 .wf-owa-triangle-down-small {color:#666666/*$WFGreyColor*/;}.wf-size-x20 {font-size: 20px!important;}
<!--
@font-face
{font-family:SimSun}
@font-face
{font-family:SimSun}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
.MsoChpDefault
{font-family:"Calibri","sans-serif"}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
-->
--></style>
</head>
<body dir="ltr">
<div id="OWAFontStyleDivID" style="font-size:10pt;color:#000000;background-color:#FFFFFF;font-family:Tahoma, Geneva, sans-serif;">
<p><br>
</p>
<div>Hi Li,<br>
<br>
As fas as I know to migrate an instance you'll need admin priviliges.<br>
But if you want to allow this operation for normal user then might try editing /etc/nova/policy.json file and give privileges.
<br>
<br>
File: /etc/nova/policy.json <br>
change "compute_extension:admin_actions:migrate": "rule:admin_api" to<br>
"compute_extension:admin_actions:migrate": "<strong>rule:admin_or_owner</strong>"<br>
<br>
<br>
Regards,<br>
Sushma <br>
<br>
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div style="font-family:Tahoma; font-size:13px">
<div><font face="Tahoma" size="2"></font><br>
<font face="Tahoma" size="2"><br>
<font face="Comic Sans MS"><b><span style="font-size:9pt; color:rgb(31,73,125); font-family:'Calibri','sans-serif'"></span></b></font></font></div>
</div>
</div>
</div>
<div style="color: rgb(40, 40, 40);">
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Li, Chen <chen.li@intel.com><br>
<b>Sent:</b> Tuesday, June 24, 2014 1:44 PM<br>
<b>To:</b> openstack@lists.openstack.org<br>
<b>Subject:</b> [Openstack] How can I enable operation for non-admin user</font>
<div> </div>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal">Hi list,</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I’m working under CentOS + icehouse.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">While, I have an non-admin user “demo”, and I can work under this this user with basic operations.</p>
<p class="MsoNormal">Everything works well.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">But, I also hope this user can do some admin operations, such as migrate and so on, because currently when I run command:</p>
<p class="MsoNormal" style="text-indent:.5in">nova migrate ${my_instance}</p>
<p class="MsoNormal">I get output:</p>
<p class="MsoNormal" style="text-indent:.5in">ERROR: Policy doesn't allow compute_extension:admin_actions:migrate to be performed. (HTTP 403) (Request-ID: req-698ad5b5-f1fe-48fc-b81f-a765020bf89f)</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Anyone can help me ?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks.</p>
<p class="MsoNormal">-chen</p>
</div>
</div>
</div>
</div>
<p>DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
</p>
</body>
</html>