<p dir="ltr">It sounds line you're adding the permissions to ovirt through the "Users" tab on the top right. Thats the same thing I did at first. However, the user's tab is not where you manage all settings for users. Its a bit counterintuitive. When you add a user in that tab, it adds them to the "system" object and not to a particular VM or pool which is why the user has more than desired permissions. What you need to do is remove the users or groups from the "Users" tab and add them to the specific pool or VM by selecting the pool, then select the "permissions" sub-tab and then select "add". This will grant the permissions to only that specific resource. </p>
<div class="gmail_quote">On Jun 12, 2014 3:08 AM, "Itamar Heim" <<a href="mailto:iheim@redhat.com">iheim@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 06/06/2014 05:52 AM, Artur Sarkisyan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks for replay, I have an IPA server for authentication. I am trying<br>
some scenarios, but I would like to setup pools of vm's for users,<br>
actually one pool for one user.<br>
</blockquote>
<br>
why one pool for one user?<br>
a pool allows you to give multiple users access to it, and, specify how many VMs each user can get from the pool.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Kind regards,<br>
Artur<br>
<br>
<br>
On Thu, Jun 5, 2014 at 8:30 PM, Jeff Clay <<a href="mailto:jeffclay@gmail.com" target="_blank">jeffclay@gmail.com</a><br>
<mailto:<a href="mailto:jeffclay@gmail.com" target="_blank">jeffclay@gmail.com</a>>> wrote:<br>
<br>
Yes, I have resolved this issue. It was due to my lack of<br>
understanding in how Ovirt expected things to be configured and<br>
setup. Are you using active directory for authentication and setting<br>
up pools of vm's for users to access?<br>
<br>
<br>
On Thu, Jun 5, 2014 at 1:10 PM, Artur Sarkisyan <<a href="mailto:s.artur@gmail.com" target="_blank">s.artur@gmail.com</a><br>
<mailto:<a href="mailto:s.artur@gmail.com" target="_blank">s.artur@gmail.com</a>>> wrote:<br>
<br>
Hi Jeff,<br>
<br>
I would like to know if you have resolved this issue?<br>
<br>
At this moment i'm building a poc and i have the same problem<br>
like yours:<br>
All users can see all vm's. Do you have some suggestions for me ?<br>
<br>
Thanks in advanced.<br>
<br>
<br>
Kind regards,<br>
Artur<br>
<br>
<br>
On Tue, May 6, 2014 at 10:32 PM, Jeff Clay <<a href="mailto:jeffclay@gmail.com" target="_blank">jeffclay@gmail.com</a><br>
<mailto:<a href="mailto:jeffclay@gmail.com" target="_blank">jeffclay@gmail.com</a>>> wrote:<br>
<br>
For some reason, when logged in as a user with a modifed<br>
copy role of<br>
UserRole (only has login permssion and VM -> Basic<br>
Operations -> Remote Log<br>
In permission) the user can see all of the VM's and has the<br>
ability to open<br>
a console, start, shutdown or suspend any of the VM's. I<br>
have verified that<br>
all of the VM's only show the SuperUser role in their<br>
permissions. I went<br>
through all of the roles and verified that the user is only<br>
a member of the<br>
Copy_of_UserRole. The only thing I can think of is that the<br>
user is<br>
inheriting permissions from something, but I can't find what<br>
it is or<br>
where. Any suggestions?<br>
<br>
Thanks.<br>
<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> <mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
<br>
</blockquote>
<br>
</blockquote></div>