Re: [ovirt-users] user portal permissions
I figured it out. I was using Configure -> System Permissions to add my
users and assign them to roles. Removing the users from there and adding
them under the Permissions tab on the actual object did what I wanted it to.
On Wed, May 7, 2014 at 10:14 AM, Jeff Clay <jeffclay(a)gmail.com> wrote:
Thanks, that clarifies quite a bit. The permissions are being applied
to
"System" for the regular UserRole, but I don't see where to define what
objects the roles are assigned to.
On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo(a)redhat.com> wrote:
> Hi Jeff
>
> Roles determine two things:
> 1. What the user can see
> 2. What the user can do
>
> It is important to know on who is the user, what is the role (UserRole?
> as you also mentioned SuperUser?) and on what object(s) was the role
> granted on.
> Assuming it is UserRole, on a specific user, then:
> If on a VM, then the user can see/operate on this VM.
> If on a Cluster, then the user can see/operate on all the VMs in this
> cluster.
> If on a DC, then the user can see/operate on all the VMs in clusters that
> are part of this DC.
> If on System, then the user can see/operate on all the VMs in the system.
>
> So the hierarchy is System-->DC-->Cluster-->VM.
> I hope this clarifies you question.
>
> Regards,
> Oved
>
>
> ----- Original Message -----
> > From: "Jeff Clay" <jeffclay(a)gmail.com>
> > To: users(a)ovirt.org
> > Sent: Monday, May 5, 2014 10:31:53 PM
> > Subject: [ovirt-users] user portal permissions
> >
> > For some reason, when logged in as a user with a modifed copy role of
> > UserRole (only has login permssion and VM -> Basic Operations -> Remote
> Log
> > In permission) the user can see all of the VM's and has the ability to
> open
> > a console, start, shutdown or suspend any of the VM's. I have verified
> that
> > all of the VM's only show the SuperUser role in their permissions. I
> went
> > through all of the roles and verified that the user is only a member of
> the
> > Copy_of_UserRole. The only thing I can think of is that the user is
> > inheriting permissions from something, but I can't find what it is or
> where.
> > Any suggestions?
> >
> > Thanks.
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
Attachments:
- attachment.html (text/html — 3.3 KB)