This is a multi-part message in MIME format.
--------------020802020500080801040002
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
Sorry let be a bit more clear. I want to have a user that can log into
the user portal and create vm's, stop them, add disks etc. But only as a
user.
I tried the poweruser role and can do all things _except _creating a new
VM. I also want the user to only see and manipulate his own VM's and
not the other ones running on the same system.
Even with the PowerUser role, I am not able to create a new VM as this
user. Also when I edit the built-in PowerUser role, I only see the
following rights selected:
Login Permissions
Template
Provisioning Operations
Create
VM
Provisioning Operations
Edit properties
Create
Disk
Provisioning Operations
Create
Everything else is deselected.
Kind regards,
Jorick Astrego
Netbulae
On 07/22/2014 10:35 AM, Oved Ourfali wrote:
Hi
You didn't really specify what you would like to accomplish, and what permissions
were granted and on what object.
In general, we have two types of roles: User and Admin roles.
If a user has any admin role on any object, then he can login to the admin portal.
So, as long as you don't assign the user with admin role he will not be able to login
to the admin portal.
Giving PowerUser role on a DC will allow the user to create VMs and Disks through the
user portal.
Is that what you would like to accomplish?
Oved
----- Original Message -----
> From: "Jorick Astrego" <j.astrego(a)netbulae.eu>
> To: users(a)ovirt.org
> Sent: Tuesday, July 22, 2014 11:32:16 AM
> Subject: [ovirt-users] user permissions
>
> Hi,
>
> In our 3.4.3 environment I started adding external users (it is
> connected to a freeipa server) and I'm having some problems setting the
> correct permissions.
>
> When I give all user roles to a user, I cannot create a vm and get an
> error "User is not authorized to perform this action". I tried setting
> it on the system level, DC level and cluster level.
>
> I needed to give this user an administrator role with only exactly the
> same vm and disk permissions (nothing extra) and things work ok, but he
> can now login to the admin portal. So I blocked it with a .htaccess
> which is not the prettiest solution.
>
> Am I doing things wrong?
>
> Also the user disappeared from the "System permissions" overview but can
> still login, which is a bit weird.
>
> Kind regards,
>
> Jorick Astrego
> Netbulae
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>
--------------020802020500080801040002
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi, <br>
<br>
Sorry let be a bit more clear. I want to have a user that can log
into the user portal and create vm's, stop them, add disks etc. But
only as a user.<br>
<br>
I tried the poweruser role and can do all things <u>except </u>creating
a new VM. I also want the user to only see and manipulate his own
VM's and not the other ones running on the same system.<br>
<br>
Even with the PowerUser role, I am not able to create a new VM as
this user. Also when I edit the built-in PowerUser role, I only see
the following rights selected:<br>
<br>
<div class="GPDB324CDIB"><span><input
id="RolePopupView_tree_root0_node0_node2" tabindex="-1"
checked="checked" disabled="disabled"
type="checkbox"></span><span>Login
Permissions<br>
<br>
</span>
<div class="GPDB324CDIB GPDB324CFIB"><span><input
id="RolePopupView_tree_root2" tabindex="-1"
disabled="disabled"
type="checkbox"></span><span>Template</span></div>
<div style="padding-left: 16px;" class="GPDB324CAIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CBIB" style="left: 0px;width: 15px;height:
15px;position:absolute;"><br>
</div>
<div class="GPDB324CDIB GPDB324CFIB"><span><input
id="RolePopupView_tree_root2_node1" tabindex="-1"
disabled="disabled"
type="checkbox"></span><span>Provisioning
Operations</span></div>
</div>
</div>
<div aria-level="3" aria-posinset="1"
aria-setsize="3"
role="treeitem" aria-selected="true">
<div style="padding-left: 32px;" class="GPDB324CAIB
GPDB324CGIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CDIB"><span><input
id="RolePopupView_tree_root2_node1_node0"
tabindex="-1" checked="checked"
disabled="disabled"
type="checkbox"></span><span>Create</span></div>
</div>
</div>
</div>
<br>
</div>
<span>VM</span>
<div aria-level="2" aria-expanded="false"
aria-posinset="1"
aria-setsize="3" role="treeitem"
aria-selected="false">
<div style="padding-left: 16px;" class="GPDB324CAIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CBIB" style="left: 0px;width: 15px;height:
15px;position:absolute;"><br>
</div>
</div>
</div>
</div>
<div style="padding-left: 16px;" class="GPDB324CAIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CBIB" style="left: 0px;width: 15px;height:
15px;position:absolute;"><br>
</div>
<div class="GPDB324CDIB GPDB324CFIB"><span><input
id="RolePopupView_tree_root3_node1" tabindex="-1"
disabled="disabled"
type="checkbox"></span><span>Provisioning
Operations</span></div>
</div>
</div>
<div aria-level="3" aria-posinset="1"
aria-setsize="5"
role="treeitem" aria-selected="false">
<div style="padding-left: 32px;" class="GPDB324CAIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CDIB"><span><input
id="RolePopupView_tree_root3_node1_node0"
tabindex="-1"
disabled="disabled"
type="checkbox"></span><span>Edit
properties</span></div>
</div>
</div>
</div>
<div aria-level="3" aria-posinset="2"
aria-setsize="5"
role="treeitem" aria-selected="true">
<div style="padding-left: 32px;" class="GPDB324CAIB
GPDB324CGIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div tabindex="0"
class="GPDB324CDIB"><span><input
id="RolePopupView_tree_root3_node1_node1"
tabindex="-1"
checked="checked" disabled="disabled"
type="checkbox"></span><span>Create</span></div>
</div>
</div>
</div>
<br>
<div class="GPDB324CDIB GPDB324CFIB"><span><input
id="RolePopupView_tree_root5" tabindex="-1"
disabled="disabled"
type="checkbox"></span><span>Disk</span></div>
<div style="padding-left: 16px;" class="GPDB324CAIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CBIB" style="left: 0px;width: 15px;height:
15px;position:absolute;"><br>
</div>
<div class="GPDB324CDIB GPDB324CFIB"><span><input
id="RolePopupView_tree_root5_node0" tabindex="-1"
disabled="disabled"
type="checkbox"></span><span>Provisioning
Operations</span></div>
</div>
</div>
<div aria-level="3" aria-posinset="1"
aria-setsize="6"
role="treeitem" aria-selected="true">
<div style="padding-left: 32px;" class="GPDB324CAIB
GPDB324CGIB">
<div onclick="" style="padding-left:
16px;position:relative;"
class="GPDB324CAIB GPDB324CCIB">
<div class="GPDB324CDIB"><span><input
id="RolePopupView_tree_root5_node0_node0"
tabindex="-1"
checked="checked" disabled="disabled"
type="checkbox"></span><span>Create</span></div>
</div>
</div>
</div>
<br>
Everything else is deselected.<br>
<br>
Kind regards,<br>
<br>
Jorick Astrego<br>
Netbulae<br>
<br>
<div class="moz-cite-prefix">On 07/22/2014 10:35 AM, Oved Ourfali
wrote:<br>
</div>
<blockquote
cite="mid:1074377558.11486624.1406018123359.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">Hi
You didn't really specify what you would like to accomplish, and what permissions were
granted and on what object.
In general, we have two types of roles: User and Admin roles.
If a user has any admin role on any object, then he can login to the admin portal.
So, as long as you don't assign the user with admin role he will not be able to login
to the admin portal.
Giving PowerUser role on a DC will allow the user to create VMs and Disks through the user
portal.
Is that what you would like to accomplish?
Oved
----- Original Message -----
</pre>
<blockquote type="cite">
<pre wrap="">From: "Jorick Astrego" <a
class="moz-txt-link-rfc2396E"
href="mailto:j.astrego@netbulae.eu"><j.astrego@netbulae.eu></a>
To: <a class="moz-txt-link-abbreviated"
href="mailto:users@ovirt.org">users@ovirt.org</a>
Sent: Tuesday, July 22, 2014 11:32:16 AM
Subject: [ovirt-users] user permissions
Hi,
In our 3.4.3 environment I started adding external users (it is
connected to a freeipa server) and I'm having some problems setting the
correct permissions.
When I give all user roles to a user, I cannot create a vm and get an
error "User is not authorized to perform this action". I tried setting
it on the system level, DC level and cluster level.
I needed to give this user an administrator role with only exactly the
same vm and disk permissions (nothing extra) and things work ok, but he
can now login to the admin portal. So I blocked it with a .htaccess
which is not the prettiest solution.
Am I doing things wrong?
Also the user disappeared from the "System permissions" overview but can
still login, which is a bit weird.
Kind regards,
Jorick Astrego
Netbulae
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated"
href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<a class="moz-txt-link-freetext"
href="http://lists.ovirt.org/mailman/listinfo/users">http://...
</pre>
</blockquote>
</blockquote>
<br>
</body>
</html>
--------------020802020500080801040002--