[Engine-devel] The ovirg-mange-domains tool makes super user by design?
Hello, I see that the "ovirt-manage-domains" tool updates the "users" and "permissions" table to make the user given in the "-user" option a super user. Is this by design? Shouldn't it just add the domain and leave the "permissions" and "users" table untouched? Thanks in advance, Juan Hernandez
----- Original Message -----
From: "Juan Hernandez" <juan.hernandez@redhat.com> To: engine-devel@ovirt.org Sent: Thursday, November 24, 2011 4:47:36 PM Subject: [Engine-devel] The ovirg-mange-domains tool makes super user by design?
Hello,
I see that the "ovirt-manage-domains" tool updates the "users" and "permissions" table to make the user given in the "-user" option a super user. Is this by design? Shouldn't it just add the domain and leave the "permissions" and "users" table untouched?
Yes. It is by design, for the reason that when this user is added, the administrator expects to login with it as well. If we won't add it to the users table, and set permissions to it, then he won't be able to login. I agree that with the introduction of the new admin@internal user, we can think of just setting it in vdc_options, and then if the administrator wants to add users to the new domain he will login with admin@internal, search for users, add them and set the correct permissions. But in order to do that you'll have to make sure the admin@internal user is enabled (i.e., its password is not blank). Otherwise you won't be able to login to the system.
Thanks in advance, Juan Hernandez _______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel
participants (2)
-
Juan Hernandez -
Oved Ourfalli