12:02 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
I'm fancing the same problem.
The steps are
- - create user /tester/ using the ovirt-aaa-jdbc-tool
- - login as admin into admin portal
- - add tester user in Administation -> Users
- - choose one VM and add UserRole role
- - login as testr into User Potal
- - user could see all VM..
The problem could be, that the user is part of the group Everyone and
this group could be found in Administration -> Configure > System
Permissions. When you check the group permisson, it seems to be
automatically populated by engine.
In my case I[m using default DC, default cluster and 'internal' profile
.
Seems that all engine object is included in Everyone group.
regards
Peter
On 15/05/2018 22:03, Roy Golan wrote:
On Tue, 15 May 2018 at 21:47 Aziz <azizgstest(a)gmail.com
<mailto:azizgstest@gmail.com>> wrote:
Hi Roy,
Thanks for your feedback, I'm unable to remove the user from the
cluster, I used the command "|ovirt-aaa-jdbc-tool user add|" to
add the new user, and it seems that by default it took all
permissions over the cluster. Is there any document describing this
feature in details ?
In the webadmin go to Administration -> Configure > System
Permissions. If the user is there, remove him. Then search for the
VM and add permissions to the user on the VM Check your end result
in the 'permisions' section of the VM to see who has permissions on
it.
This should be helpful, quite long though
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
This is for the tool itself
bc/
Thanks
On Tue, May 15, 2018 at 6:31 PM, Roy Golan <rgolan(a)redhat.com
<mailto:rgolan@redhat.com>> wrote:
1. Make sure your users use the VM portal 2. Assign permission on
VM to a certain user to make sure it apears in the portal. The Role
should be VmOperator afaik.
Permission set on objects higher in the hierarchy are cascading,
i.e a user with permission on a cluster would have the permission
on the all the vm in cluster.
On Tue, 15 May 2018 at 20:59 Aziz <azizgstest(a)gmail.com
<mailto:azizgstest@gmail.com>> wrote:
Hi list,
I'm trying to remove the default "everyone" user from Ovirt, so
that each user can have access to its own interface to manage a
unique VM. I wonder if this is possible, because so far I'm unable
to remove everyone user.
Thank you
_______________________________________________ Users mailing list
-- users(a)ovirt.org <mailto:users@ovirt.org> To unsubscribe send an
email to users-leave(a)ovirt.org <mailto:users-leave@ovirt.org>
_______________________________________________ Users mailing list
-- users(a)ovirt.org To unsubscribe send an email to
users-leave(a)ovirt.org
- --
*Peter Hudec*
Infraštruktúrny architekt
phudec(a)cnc.sk <mailto:phudec@cnc.sk>
*CNC, a.s.*
Borská 6, 841 04 Bratislava
Recepcia: +421 2 35 000 100
Mobil:+421 905 997 203
*www.cnc.sk* <http:///www.cnc.sk>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr7StYACgkQQnvVWOJ3
5BCYbQ//WiZTpgyHY6eD3kjtoomYu6UiuKCXYD0uhezUVFV7zROk85jp7BcoU847
MVRMKcu/5YOMBWyXpVy27OtQwCcquz5aChreYUH8zaPlH3O3qkf2ohziKsXlMAol
/75g+Ha+Zyueuv7afx+UIxgaDv7tkGWEnrXn5LBxuQjZqq1NLDMueQaD/fPwPlw+
SRXo4nGnvnsKIZGjsX+Otd73l8JlCr0apzYYC2KOHhM1Tfw2fRphPDk/zLOvjv2X
sxKrIWsK7OgBt5lDG0rzVj/qdf4SnsxXgbgvo03yc0MwBBX+NLRmwOLUjFiovze+
NwPuos87Iwo3Dv+wJ1oxYkAGgjl0t+TxbJP6SMwAH1g7T1jvA/aCeC/Bk7RXPldL
pI+cAqvNtNfidxx7CyKjgKn4MA3dT9lq95FOV1CgMP4xQcliqofOeZrW93dvDnE8
LBlni7okv1xjw3rj6MTjdkSCN+Hh8L5GY+WbZbx5An5aCVdkYjTNw0K5UWbBNxua
fAJKBf5UidYXjxSHxgE21JKscX0wzZUOtGn11qmXp/zAwvfn4yfIQzJiii2XCIZT
J9mcyb1084bGlK86wrRNLRMDAVkN4Rh3cWY2NRhe8hKpjOCqWC88QkmTi4SXjMRy
L/cOC+ea5/by1gCE5xKinaHNZaZDM/3rBYJW2HxJkCzdOBwxxIQ=
=cvu1
-----END PGP SIGNATURE-----