[Engine-devel] Permissions involved in using REST API

Itamar Heim iheim at redhat.com
Mon Nov 11 18:11:01 UTC 2013


On 11/11/2013 01:08 PM, Jonathan Daugherty wrote:
>> the main difference between an 'admin' and a 'user' is that admin has
>> read-only permission to see all objects in the system, and a user can
>> only see objects they have permissions on.
>
> But this distinction does not apply to API access, apparently; regular
> users cannot access the API at all as far as I can tell.  I wouldn't
> mind giving API users 'admin' status if that's what it takes, but I'm
> concerned about the meaning of 'admin' changing in the future.

regular users *can* access the API, they just need to pass the 
filter:true in the request header.

>
> I think the trouble here is that by doing it this way oVirt is presuming
> what the access policy is by baking rights into the 'admin' status.  On
> a site-by-site basis the definition of 'admin' is going to vary.
>
> Thanks,
>




More information about the Engine-devel mailing list