[ovirt-users] Re: Preventing users to see other VMs

Hi All, Thank you Roy, this is working now as expected, however, I think the Edit button, should be removed for this user, there is no need to display the edit button if the user cannot use it to perform any operation, am I missing something ? You mean in the VM portal the user sees he can edit a VM when he doesn't

Best regards On Wed, May 16, 2018 at 9:12 AM, Peter Hudec <phudec(a)cnc.sk&gt; wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > I have found 2 related bug, a little bit older > > https://bugzilla.redhat.com/show_bug.cgi?id=1209505 > https://bugzilla.redhat.com/show_bug.cgi?id=1225274 > > But these are related only to DiskProfile. > > I haven't found any work about 'Everyone' group in documentation, so > I'm little bit confused why there is such a group. > > Peter > > On 15/05/2018 23:02, Peter Hudec wrote: > > Hi, > > > > I'm fancing the same problem. > > > > The steps are - create user /tester/ using the ovirt-aaa-jdbc-tool > > - login as admin into admin portal - add tester user in > > Administation -> Users - choose one VM and add UserRole role > > > > - login as testr into User Potal - user could see all VM.. > > > > The problem could be, that the user is part of the group Everyone > > and this group could be found in Administration -> Configure > > > System Permissions. When you check the group permisson, it seems > > to be automatically populated by engine. > > > > In my case I[m using default DC, default cluster and 'internal' > > profile . > > > > Seems that all engine object is included in Everyone group. > > > > regards Peter > > > > On 15/05/2018 22:03, Roy Golan wrote: > > > > > >> On Tue, 15 May 2018 at 21:47 Aziz <azizgstest(a)gmail.com > >> <mailto:azizgstest@gmail.com>> wrote: > > > >> Hi Roy, > > > >> Thanks for your feedback, I'm unable to remove the user from the > >> cluster, I used the command "|ovirt-aaa-jdbc-tool user add|" to > >> add the new user, and it seems that by default it took all > >> permissions over the cluster. Is there any document describing > >> this feature in details ? > > > > > > > >> In the webadmin go to Administration -> Configure > System > >> Permissions. If the user is there, remove him. Then search for > >> the VM and add permissions to the user on the VM Check your end > >> result in the 'permisions' section of the VM to see who has > >> permissions on it. > > > >> This should be helpful, quite long though > >> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/ > > > >> > >> > > > > This is for the tool itself > >> https://www.ovirt.org/develop/release-management/features/infra/aaa-j > d > > > >> > >> > bc/ > > > > > > > > > >> Thanks > > > >> On Tue, May 15, 2018 at 6:31 PM, Roy Golan <rgolan(a)redhat.com > >> <mailto:rgolan@redhat.com>> wrote: > > > >> 1. Make sure your users use the VM portal 2. Assign permission on > >> VM to a certain user to make sure it apears in the portal. The > >> Role should be VmOperator afaik. > > > >> Permission set on objects higher in the hierarchy are cascading, > >> i.e a user with permission on a cluster would have the permission > >> on the all the vm in cluster. > > > > > >> On Tue, 15 May 2018 at 20:59 Aziz <azizgstest(a)gmail.com > >> <mailto:azizgstest@gmail.com>> wrote: > > > >> Hi list, > > > >> I'm trying to remove the default "everyone" user from Ovirt, so > >> that each user can have access to its own interface to manage a > >> unique VM. I wonder if this is possible, because so far I'm > >> unable to remove everyone user. > > > >> Thank you > > > > > >> _______________________________________________ Users mailing > >> list -- users(a)ovirt.org <mailto:users@ovirt.org> To unsubscribe > >> send an email to users-leave(a)ovirt.org > >> <mailto:users-leave@ovirt.org> > > > > > > > > > >> _______________________________________________ Users mailing > >> list -- users(a)ovirt.org To unsubscribe send an email to > >> users-leave(a)ovirt.org > > > > > > > > > > - -- > *Peter Hudec* > Infraštruktúrny architekt > phudec(a)cnc.sk <mailto:phudec@cnc.sk> > > *CNC, a.s.* > Borská 6, 841 04 Bratislava > Recepcia: +421 2 35 000 100 > > Mobil:+421 905 997 203 <+421%20905%20997%20203> > *www.cnc.sk* <http:///www.cnc.sk> > > _______________________________________________ > Users mailing list -- users(a)ovirt.org > To unsubscribe send an email to users-leave(a)ovirt.org > _______________________________________________ Users mailing list -- users(a)ovirt.org To unsubscribe send an email to users-leave(a)ovirt.org