[ovirt-users] Re: Roles and Permissions and Inheritance
On Wed, Dec 12, 2018 at 5:27 PM Brian Wilson <briwils2(a)cisco.com> wrote:
Is there a way to prevent Roles Assigned to Groups on Objects to
only
apply to where it is set?
Basically looking for a way to do what we had done in VMWare which
involved using the do not propagate permission setting.
be able
Seems to me that right now there is no way to set this so if i give access
to something at the top level of a DC those accesses wlll overide if i then
explcitly set another role and permission on an object underneath
Lets take as a concrete example the ovirtmgmt network. I do not want
users in the engine to be able to place VMs on this (but i want the
Superusers to be able to still) How can i accomplish this with the way
roles and permissions work with Ovirt?
There is an entity named Vnic Profile under the Network element.
When creating the Vnic Profile, you can define if you'd want it to be
'publicly' used or not.
In case you select the 'Public Use' option, a public permissions
(permissions to a special inner user called EVERYONE) is granted on that
profile.
See attached screenshot of that profile:
[image: Selection_978.png]
However, if the VM was already created and has a nic attached to
'ovirtmgmt', the admin will need to remove or replace the profile of the
restricted network.
thanks!
Brian
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PY6ZITVTLFN...
--
Regards,
Moti
Attachments:
- Selection_978.png (image/png — 43.6 KB)
- attachment.html (text/html — 3.0 KB)
