[ovirt-users] user permissions

Jorick Astrego j.astrego at netbulae.eu
Tue Jul 22 08:43:43 UTC 2014


Hi,

Sorry let be a bit more clear. I want to have a user that can log into 
the user portal and create vm's, stop them, add disks etc. But only as a 
user.

I tried the poweruser role and can do all things _except _creating a new 
VM.  I also want the user to only see and manipulate his own VM's and 
not the other ones running on the same system.

Even with the PowerUser role, I am not able to create a new VM as this 
user. Also when I edit the built-in PowerUser role, I only see the 
following rights selected:

Login Permissions

Template

Provisioning Operations
Create

VM


Provisioning Operations
Edit properties
Create

Disk

Provisioning Operations
Create

Everything else is deselected.

Kind regards,

Jorick Astrego
Netbulae

On 07/22/2014 10:35 AM, Oved Ourfali wrote:
> Hi
>
> You didn't really specify what you would like to accomplish, and what permissions were granted and on what object.
> In general, we have two types of roles: User and Admin roles.
> If a user has any admin role on any object, then he can login to the admin portal.
> So, as long as you don't assign the user with admin role he will not be able to login to the admin portal.
>
> Giving PowerUser role on a DC will allow the user to create VMs and Disks through the user portal.
> Is that what you would like to accomplish?
>
> Oved
>
> ----- Original Message -----
>> From: "Jorick Astrego" <j.astrego at netbulae.eu>
>> To: users at ovirt.org
>> Sent: Tuesday, July 22, 2014 11:32:16 AM
>> Subject: [ovirt-users] user permissions
>>
>> Hi,
>>
>> In our 3.4.3 environment I started adding external users (it is
>> connected to a freeipa server) and I'm having some problems setting the
>> correct permissions.
>>
>> When I give all user roles to a user, I cannot create a vm and get an
>> error "User is not authorized to perform this action". I tried setting
>> it on the system level, DC level and cluster level.
>>
>> I needed to give this user an administrator role with only exactly the
>> same vm and disk permissions (nothing extra) and things work ok, but he
>> can now login to the admin portal. So I blocked it with a .htaccess
>> which is not the prettiest solution.
>>
>> Am I doing things wrong?
>>
>> Also the user disappeared from the "System permissions" overview but can
>> still login, which is a bit weird.
>>
>> Kind regards,
>>
>> Jorick Astrego
>> Netbulae
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140722/ea503210/attachment-0001.html>


More information about the Users mailing list