<div dir="ltr"><div>Hi Alexis,</div><div><br></div>Permissions in oVirt consist of three parts:<div>1. The user/group</div><div>2. The role</div><div>3. The object</div><div><br></div><div>So, if you want a user to be able to "use" a VM, it should be enough to grant him a UserRole on the VM object (no need to go to the system preferences for that one).</div><div>If you want a user to be the owner of a VM (allows more actions on that VM than UserRole), then you should grant him with UserVmManager on the VM object.</div><div><br></div><div>The role itself consists of actions that are allowed to be done with it. You can view these actions in the UI through the system preferences dialog.</div><div><br></div><div>When you grant permissions on the system preferences dialog, then it means the "object" you grant on is the "system" object, which is in the higher part of the objects tree.</div><div>Normally you won't need that for users.</div><div><br></div><div>As for managing permissions, it can be done either via the UI, or the API, or one of the SDKs.</div><div>I guess it is a matter of preference and needs.</div><div><br></div><div>Cheers,</div><div>Oved</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 5, 2017 at 1:51 PM, Alexis HAUSER <span dir="ltr"><<a href="mailto:alexis.hauser@imt-atlantique.fr" target="_blank">alexis.hauser@imt-atlantique.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:times new roman,new york,times,serif;font-size:12pt;color:#000000"><div>hi, I'm trying to figure out how to manage VM permissions with ovirt.<br></div><div>From what I've understood, if you add a user to user role in the system preferences, this user can access every VM and resources on the cluster, with the associated permissions; right ?<br></div><div>Now, if I want to control who has access to each VM : I musn't add this user to user role from the system tab; but instead add it on each resources (like on each VM) it should access ?<br></div><div><br></div><div>Is there another way to manage permissions ? How you guys do personally manage this ? Do you automate it with scripts ?<br></div><div><br></div><div>Thanks for you ideas and suggestions<br></div><div><br></div><div>(using 3.6)<br></div></div></div><br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>