Re: [ovirt-users] user permissions

From: "Jorick Astrego" <j.astrego(a)netbulae.eu&gt; To: users(a)ovirt.org Sent: Tuesday, July 22, 2014 11:43:43 AM Subject: Re: [ovirt-users] user permissions Hi, Sorry let be a bit more clear. I want to have a user that can log into the user portal and create vm's, stop them, add disks etc. But only as a user. I tried the poweruser role and can do all things except creating a new VM. I also want the user to only see and manipulate his own VM's and not the other ones running on the same system. Even with the PowerUser role, I am not able to create a new VM as this user. Also when I edit the built-in PowerUser role, I only see the following rights selected: Login Permissions Template Provisioning Operations Create VM Provisioning Operations Edit properties Create Disk Provisioning Operations Create Everything else is deselected. Kind regards, Jorick Astrego Netbulae On 07/22/2014 10:35 AM, Oved Ourfali wrote: Hi You didn't really specify what you would like to accomplish, and what permissions were granted and on what object. In general, we have two types of roles: User and Admin roles. If a user has any admin role on any object, then he can login to the admin portal. So, as long as you don't assign the user with admin role he will not be able to login to the admin portal. Giving PowerUser role on a DC will allow the user to create VMs and Disks through the user portal. Is that what you would like to accomplish? Oved ----- Original Message ----- From: "Jorick Astrego" <j.astrego(a)netbulae.eu&gt; To: users(a)ovirt.org Sent: Tuesday, July 22, 2014 11:32:16 AM Subject: [ovirt-users] user permissions Hi, In our 3.4.3 environment I started adding external users (it is connected to a freeipa server) and I'm having some problems setting the correct permissions. When I give all user roles to a user, I cannot create a vm and get an error "User is not authorized to perform this action". I tried setting it on the system level, DC level and cluster level. I needed to give this user an administrator role with only exactly the same vm and disk permissions (nothing extra) and things work ok, but he can now login to the admin portal. So I blocked it with a .htaccess which is not the prettiest solution. Am I doing things wrong? Also the user disappeared from the "System permissions" overview but can still login, which is a bit weird. Kind regards, Jorick Astrego Netbulae _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users