Hi Alexis,
Permissions in oVirt consist of three parts:
1. The user/group
2. The role
3. The object
So, if you want a user to be able to "use" a VM, it should be enough to
grant him a UserRole on the VM object (no need to go to the system
preferences for that one).
If you want a user to be the owner of a VM (allows more actions on that VM
than UserRole), then you should grant him with UserVmManager on the VM
object.
The role itself consists of actions that are allowed to be done with it.
You can view these actions in the UI through the system preferences dialog.
When you grant permissions on the system preferences dialog, then it means
the "object" you grant on is the "system" object, which is in the
higher
part of the objects tree.
Normally you won't need that for users.
As for managing permissions, it can be done either via the UI, or the API,
or one of the SDKs.
I guess it is a matter of preference and needs.
Cheers,
Oved
On Sun, Mar 5, 2017 at 1:51 PM, Alexis HAUSER <
alexis.hauser(a)imt-atlantique.fr> wrote:
hi, I'm trying to figure out how to manage VM permissions with
ovirt.
From what I've understood, if you add a user to user role in the system
preferences, this user can access every VM and resources on the cluster,
with the associated permissions; right ?
Now, if I want to control who has access to each VM : I musn't add this
user to user role from the system tab; but instead add it on each resources
(like on each VM) it should access ?
Is there another way to manage permissions ? How you guys do personally
manage this ? Do you automate it with scripts ?
Thanks for you ideas and suggestions
(using 3.6)
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users