[ovirt-users] Users/Groups Permissions

Ondra Machacek omachace at redhat.com
Tue Mar 6 08:27:43 UTC 2018 

On 03/05/2018 10:42 AM, Markus.Schaufler at ooe.gv.at wrote:
> Hi!
> 
> Still new to oVirt and got another question:
> 
> I have many Windows and Linux VMs and created for each the Windows and 
> Linux machines two Usergroups (limited and admins).
> 
> Now I want to grant the groups according permissions to according VMs. 
> How can I do this without clicking through every VM manually (e.g. by 
> mark several vms in the UI and manage their permissions or via CLI)?

You can use our Python SDK, please see below example:

 
https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/examples/assign_permission_to_vms.py

Or you can use Ansible if you are familiar with it:

 
http://docs.ansible.com/ansible/latest/ovirt_permissions_module.html#examples

The playbook would look like:

  ---
- hosts: localhost
   connection: local
   vars:
      username: admin at internal
      password: thepassowrd
      insecure: True
      url: https://ovirt.example.com/ovirt-engine/api

   tasks:
   - name: Obtain SSO token
     ovirt_auth:
       url: "{{ url }}"
       username: "{{ username }}"
       password: "{{ password }}"
       insecure: "{{ insecure }}"

   - name: Add permissions to user
     ovirt_permissions:
       auth: "{{ ovirt_auth }}"
       user_name: user2
       authz_name: internal-authz
       object_type: vm
       object_name: "{{ item }}"
       role: UserVmManager
     with_items:
       - myvm1
       - myvm2
       - myvm3

   - name: Revoke SSO token
     ovirt_auth:
       state: absent
       ovirt_auth: "{{ ovirt_auth }}"

> 
> Many thanks in advance,
> 
> *Markus Schaufler, MSc*
> 
> Amt der Oö. Landesregierung
> Direktion Präsidium
> 
> Abteilung Informationstechnologie
> 
> Referat ST3 Server
> 
> A-4021 Linz, Kärntnerstraße 16
> 
> *Tel.:*+43 (0)732 7720 – 13138
> 
> *Fax:*+43 (0)732 7720 - 213255
> 
> *email:*markus.schaufler at ooe.gv.at <mailto:markus.schaufler at ooe.gv.at>
> 
> *Internet:*www.land-oberoesterreich.gv.at 
> <http://www.land-oberoesterreich.gv.at/>
> 
> *DVR:*0069264
> 
> Der Austausch von Nachrichten mit o.a. Absender via e-mail dient 
> ausschließlich Informationszwecken.
> Rechtsgültige Erklärungen dürfen über dieses Medium nur an das 
> offizielle Postfach it.post at ooe.gv.at <mailto:it.post at ooe.gv.at> 
> übermittelt werden.
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list