Skip to content

Disable default ACLs created for a new user group #7458

New issue
New issue
Open
Bug
Open
Disable default ACLs created for a new user group#7458
Bug
Assignees
paczerny
Labels
Category: Core & SystemStatus: Accepted
@balazsbme

Description

@balazsbme
balazsbme
opened on Jan 23, 2026

Description
Hey,
I was exploring whether it is possible to disable the default ACLs for a new user group.

I understand the answer is no. BUT as I was researching a bit, this has been a feature asked many times:
https://forum.opennebula.io/t/how-to-change-the-default-acl-added-on-group-creation/3240
https://forum.opennebula.io/t/acls-for-templates-restricted-to-groups-need-help-understanding/7801

I have tested that onegroup create --name asd2 --resources "" with empty string does not work, input validation does not accept it.

This was earlier implemented here: #3361 but this functionality seems broken now.

To Reproduce
Run onegroup create --name asd2 --resources ""
See validation error.

Expected behavior
There should be an option to NOT generate any default ACL rules for a new user group, and ensure that this is consistent with the working expectations (e.g. there is no unspecified access to resources)

Details

  • Affected Component: Core
  • Version: 7.0.2

Progress Status

  • Code committed
  • Testing - QA
  • Documentation (Release notes - resolved issues, compatibility, known issues)

Metadata

Metadata

Assignees

Labels

Category: Core & SystemStatus: Accepted

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions