[Engine-devel] Managing permissions on network

Itamar Heim iheim at redhat.com
Wed Nov 14 17:02:41 UTC 2012


On 11/14/2012 07:01 PM, Charlie wrote:
>> On 11/13/2012 09:57 PM, Charlie wrote:
>>>
>>> Will any of these groups and/or permissions be drawn from LDAP?
>>>
>>> Frankly, system admins are not looking for yet another console to
>>> manage permissions.
>
> On Tue, Nov 13, 2012 at 11:28 PM, Itamar Heim <iheim at redhat.com> wrote:
>
>> all users/groups come from LDAP.
>> you just need to give permissions to these groups/users in ovirt.
>> is that what you meant?
>
> Yes, mostly.  :)
>
> As long as you can give permissions to a set of LDAP groups (call them
> oVirtSysAdmin, oVirtUser, oVirtNetAdmin, or whatever) and after that
> never touch permissions again, that's perfect.
>
> That way an HR employee or junior sysadmin can assign users to these
> groups during user account creation, and you won't have to give
> somebody in HR the ability to define permissions in oVirt, or tie up a
> highly skilled admin with routine user account maintenance.

ok, that's exactly how oVirt works.


