<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 10/26/2015 02:57 PM, Ondra Machacek
wrote:<br>
</div>
<blockquote cite="mid:562E3143.4010600@redhat.com" type="cite">
<br>
<br>
<div class="moz-cite-prefix">On 10/26/2015 02:53 PM, Jorick
Astrego wrote:<br>
</div>
<blockquote cite="mid:562E3075.5050203@netbulae.eu" type="cite">
Hi,<br>
<br>
Currently I'm trying to add an oVirt compute resource in Foreman
that is limited to the VMs of the user. <br>
<br>
When I give this user the PowerUser role, I cannot access the
API:<br>
<br>
<blockquote>query execution failed due to insufficient
permissions<br>
</blockquote>
</blockquote>
<br>
Are you sending the header 'Filter: true' with the request?<br>
If your user is not an admin (PowerUserRole is not an admin role),<br>
you have to use this header.<br>
<br>
<br>
</blockquote>
<br>
As I'm using Foreman, I have no control over this. There used to be a
bug, but it should have been patched months ago:<br>
<br>
<a class="moz-txt-link-freetext" href="http://projects.theforeman.org/issues/6835">http://projects.theforeman.org/issues/6835</a><br>
<br>
<blockquote>
<hr>
<div class="description">
<div class="contextual"> </div>
<p><strong>Description</strong></p>
<div class="wiki">
<p>Cloned from <a class="external"
href="https://bugzilla.redhat.com/show_bug.cgi?id=1123676">https://bugzilla.redhat.com/show_bug.cgi?id=1123676</a>
<br>
Description of problem:<br>
When trying to create a rhev compute resource with a non-admin
RHEV user, the following error occurs:</p>
<p>"query execution failed due to insufficient permissions."</p>
<p>The reason for this is that RHEV needs to be called with
'Filter: true' headers<br>
for the API to work correctly with a non-admin user.</p>
<p>The rbovirt client library supports specifying the
filtered_api option, but fog and foreman don't have
support for that.</p>
<p><a class="external"
href="https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55">https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55</a></p>
</div>
</div>
<div id="history">
<h3>History</h3>
<div id="change-23740" class="journal has-details">
<div id="note-1">
<h4><a
href="http://projects.theforeman.org/issues/6835#note-1"
class="journal-link">#1</a> Updated by <a
href="http://projects.theforeman.org/users/3536"
class="user active">Dominic Cleal</a> <a
href="http://projects.theforeman.org/projects/foreman/activity?from=2014-07-30"
title="07/30/2014 05:47 AM">about 1 year</a> ago </h4>
<ul class="details">
<li><strong>Category</strong> set to <i>Compute resources
- oVirt</i></li>
<li><strong>Assigned To</strong> deleted (<del><i>Dominic
Cleal</i></del>)</li>
</ul>
</div>
</div>
<div id="change-35119" class="journal has-notes">
<div id="note-2">
<h4><a
href="http://projects.theforeman.org/issues/6835#note-2"
class="journal-link">#2</a> Updated by <a
href="http://projects.theforeman.org/users/5429"
class="user active">Tom Caspy</a> <a
href="http://projects.theforeman.org/projects/foreman/activity?from=2015-01-13"
title="01/13/2015 04:12 AM">10 months</a> ago </h4>
<div class="wiki" id="journal-35119-notes">
<p>added a pull request to the fog gem: <a
class="external"
href="https://github.com/fog/fog/pull/3393">https://github.com/fog/fog/pull/3393</a></p>
</div>
</div>
</div>
<div id="change-44024" class="journal has-notes">
<div id="note-3">
<h4><a
href="http://projects.theforeman.org/issues/6835#note-3"
class="journal-link">#3</a> Updated by <a
href="http://projects.theforeman.org/users/3"
class="user active">Ohad Levy</a> <a
href="http://projects.theforeman.org/projects/foreman/activity?from=2015-06-09"
title="06/09/2015 02:42 PM">5 months</a> ago </h4>
<div class="wiki" id="journal-44024-notes">
<p>Fog PR has been merged a while ago.<br>
</p>
</div>
</div>
</div>
</div>
</blockquote>
<div id="history">
<div id="change-44024" class="journal has-notes">
<div id="note-3">
<div class="wiki" id="journal-44024-notes">
<p>The version of rbovirt we have is:<br>
</p>
<p>ruby193-rubygem-rbovirt-0.0.35-1.el6.noarch<br>
<br>
Kind regards,<br>
</p>
<p>Jorick<br>
</p>
</div>
</div>
</div>
</div>
<blockquote cite="mid:562E3143.4010600@redhat.com" type="cite">
<blockquote cite="mid:562E3075.5050203@netbulae.eu" type="cite">
When I give this user the SuperUser role, I can access the API.
But I can see all the VMs of all users.<br>
<br>
How can I grant API access so the user can deploy through Foreman
without giving access to all the VMs in our oVirt environment?<br>
<br>
Kind regards,<br>
<br>
Jorick<br>
<br>
<br>
<br>
<br>
<span style="color:#604c78;"><font color="000000"><span
style="mso-fareast-language:en-gb;" lang="NL">Met
vriendelijke groet, With kind regards,<br>
<br>
Jorick Astrego<br>
</span></font></span><b style="color:#604c78"><br>
Netbulae Virtualization Experts </b><br>
<hr style="border:none;border-top:1px solid #ccc;">
<table style="width: 522px">
<tbody>
<tr>
<td style="width: 130px;font-size: 10px">Tel: 053 20 30
270</td>
<td style="width: 130px;font-size: 10px"><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:info@netbulae.eu">info@netbulae.eu</a></td>
<td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td>
<td style="width: 130px;font-size: 10px">KvK 08198180</td>
</tr>
<tr>
<td style="width: 130px;font-size: 10px">Fax: 053 20 30
271</td>
<td style="width: 130px;font-size: 10px"><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.netbulae.eu">www.netbulae.eu</a></td>
<td style="width: 130px;font-size: 10px">7547 TA Enschede</td>
<td style="width: 130px;font-size: 10px">BTW
NL821234584B01</td>
</tr>
</tbody>
</table>
<br>
<hr style="border:none;border-top:1px solid #ccc;"><br>
<br>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</blockquote>
<br>
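<p>An added example, not part of the original thread and not code from Foreman, fog or rbovirt: the request shape discussed above, where a non-admin account keeps its limited role and the client sends 'Filter: true' instead of being raised to SuperUser. The helper names, the engine URL, the <code>vms</code> collection path and the credentials are assumptions made for illustration.</p>

```ruby
require 'net/http'
require 'uri'

# Hypothetical helper, not part of Foreman, fog or rbovirt.
# Builds a GET for an oVirt/RHEV REST collection. A non-admin account
# (for example one holding PowerUserRole) gets 'Filter: true' so the engine
# answers with only the objects that user has permissions on.
def build_ovirt_request(base_url, collection, user:, password:, admin: false)
  base = base_url.end_with?('/') ? base_url : "#{base_url}/"
  uri = URI.join(base, collection)
  # Basic-auth credentials must never cross the network in clear text.
  raise ArgumentError, 'engine URL must use https' unless uri.scheme == 'https'

  req = Net::HTTP::Get.new(uri)
  req.basic_auth(user, password)
  req['Accept'] = 'application/xml'
  req['Filter'] = 'true' unless admin
  req
end

# Sends the request. Certificate verification stays on (the Net::HTTP
# default with use_ssl: true), so this host must trust the engine CA.
def send_ovirt_request(req)
  uri = req.uri
  Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; nothing is sent over the network here.
  req = build_ovirt_request('https://engine.example.test/api', 'vms',
                            user: 'deployer@internal',
                            password: 'not-a-real-secret')
  puts "#{req.method} #{req.path}"
  puts "Filter: #{req['Filter']}"
end
```

<p>If a client still receives "query execution failed due to insufficient permissions" for a non-admin user, capturing one outgoing request and checking for the Filter header shows whether the installed client stack actually sets it.</p>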
</body>
</html>