On 04/12/2013 11:27 AM, Karli Sjöberg wrote:
Hey Everyone!
I solved it! I friggin solved it, and it didn't have anything to do with
the spice-client, spice-plugin (ActiveX or XPI), or userportal
specifically, it's in the engine itself! So Juanjo here said that it
works for him, and I took a guess that's because he is only using
admin@internal for testing (correct me if I'm
wrong Juanjo), so I added a "UserRole" to admin on a test VM, logged
into Userportal, clicked for console, and it worked! So, since our setup
is a little more complex, as it's connected to our ActiveDirectory, I
concluded that it must be a permissions related issue. I created a new
UserRole, called "ConsoleOwner" that only has "Login Permissions" and
"RemoteLogin" and added that role to our engine's "System Permissions"
on a directory group as "broad" as possible. After that if I also added
an explicit UserRole permission for a directory user on any VM now it
works 100%. Me so happy! :)
A question goes out to the developers: Should you have to do that? I
thought that permissions were supposed to be calculated like Windows
ACLs "Effective Permissions", so that if I just add sufficient
permissions for a directory user on a VM, its effective permissions
should have granted the necessary abilities in the system, without me
having to first add that as a "big" system permission to have them
granted? Bug, or intended?
Thank you so much Juanjo, for posting the versions you are currently
using that proved that it "should" work, and that it had to be something
else that prevented us from using it (which it was). Thank you!
Can you please clarify again which permission you granted to a user on
the VM which didn't work before you added to the user the console
permission?