From Paul.Woodward at ggc.scot.nhs.uk Wed Oct 26 10:56:39 2016 Content-Type: multipart/mixed; boundary="===============6335863489565537648==" MIME-Version: 1.0 From: Woodward, Paul To: users at ovirt.org Subject: [ovirt-users] Group permissions at cluster level Date: Wed, 26 Oct 2016 15:49:24 +0100 Message-ID: <86B3513E4A7B064599167816D519189698DF346320@LAPPWGGCPMB04.ggc.scot.nhs.uk> --===============6335863489565537648== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable --_000_86B3513E4A7B064599167816D519189698DF346320LAPPWGGCPMB04_ Content-Type: text/plain; charset=3D"us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi, This could be a bug or a configuration issue, I'm not too sure yet. At the = =3D moment if I apply group permissions using the PowerUserRole to the cluster = =3D itself, then any VMs created in the user portal by users in that group don'= =3D t get the UserVmManager role applied correctly. The user, authorization pro= =3D vider and namespace fields are all blank meaning that VM is visible to all = =3D users on the platform. If you do this with individual users' permissions though, it works as expec= =3D ted and they get the UserVmManager role assigned to their username on the V= =3D M. Thanks, Paul **************************************************************************** NHSGG&C Disclaimer The information contained within this e-mail and in any attachment is confidential and may be privileged. If you are not the intended recipient, please destroy this message, delete any copies held on your systems and notify the sender immediately; you should not retain, copy or use this e-mail for any purpose, nor disclose all or any part of its content to any other person. All messages passing through this gateway are checked for viruses, but we strongly recommend that you check for viruses using your own virus scanner as NHS Greater Glasgow & Clyde will not take responsibility for any damage caused as a result of virus infection. **************************************************************************= =3D =3D20 --_000_86B3513E4A7B064599167816D519189698DF346320LAPPWGGCPMB04_ Content-Type: text/html; charset=3D"us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable

Hi= ,=3D

 

Th=3D is could be a bug or a configuration issue, I’m not too sure yet. At = =3D the moment if I apply group permissions using the PowerUserRole to the clus= =3D ter itself, then any VMs created in the user portal by users in that group = =3D don’t get the UserVmManager role applied correctly. The user, authori= =3D zation provider and namespace fields are all blank meaning that VM is visib= =3D le to all users on the platform.

= &n=3D bsp;

If you do this with individual users&#= 82=3D 17; permissions though, it works as expected and they get the UserVmManager= =3D role assigned to their username on the VM.

 

Thanks,

Paul

*******************************= **=3D *******************************************
NHSGG&C Disclaimer

The information contained within this e-mail and in any attachment is
confidential and may be privileged. If you are not the intended
recipient, please destroy this message, delete any copies held on your
systems and notify the sender immediately; you should not retain, copy
or use this e-mail for any purpose, nor disclose all or any part of its
content to any other person.

All messages passing through this gateway are checked for viruses, but we strongly recommend that you check for viruses using your own virus
scanner as NHS Greater Glasgow & Clyde will not take responsibility for= =3D
any damage caused as a result of virus infection.

************************************************************************= =3D **

--_000_86B3513E4A7B064599167816D519189698DF346320LAPPWGGCPMB04_-- --===============6335863489565537648== Content-Type: multipart/alternative MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="attachment.bin" LS1fMDAwXzg2QjM1MTNFNEE3QjA2NDU5OTE2NzgxNkQ1MTkxODk2OThERjM0NjMyMExBUFBXR0dD UE1CMDRfCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD0idXMtYXNjaWkiCk1JTUUt VmVyc2lvbjogMS4wCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUK CkhpLAoKVGhpcyBjb3VsZCBiZSBhIGJ1ZyBvciBhIGNvbmZpZ3VyYXRpb24gaXNzdWUsIEknbSBu b3QgdG9vIHN1cmUgeWV0LiBBdCB0aGUgPQptb21lbnQgaWYgSSBhcHBseSBncm91cCBwZXJtaXNz aW9ucyB1c2luZyB0aGUgUG93ZXJVc2VyUm9sZSB0byB0aGUgY2x1c3RlciA9Cml0c2VsZiwgdGhl biBhbnkgVk1zIGNyZWF0ZWQgaW4gdGhlIHVzZXIgcG9ydGFsIGJ5IHVzZXJzIGluIHRoYXQgZ3Jv dXAgZG9uJz0KdCBnZXQgdGhlIFVzZXJWbU1hbmFnZXIgcm9sZSBhcHBsaWVkIGNvcnJlY3RseS4g VGhlIHVzZXIsIGF1dGhvcml6YXRpb24gcHJvPQp2aWRlciBhbmQgbmFtZXNwYWNlIGZpZWxkcyBh cmUgYWxsIGJsYW5rIG1lYW5pbmcgdGhhdCBWTSBpcyB2aXNpYmxlIHRvIGFsbCA9CnVzZXJzIG9u IHRoZSBwbGF0Zm9ybS4KCklmIHlvdSBkbyB0aGlzIHdpdGggaW5kaXZpZHVhbCB1c2VycycgcGVy bWlzc2lvbnMgdGhvdWdoLCBpdCB3b3JrcyBhcyBleHBlYz0KdGVkIGFuZCB0aGV5IGdldCB0aGUg VXNlclZtTWFuYWdlciByb2xlIGFzc2lnbmVkIHRvIHRoZWlyIHVzZXJuYW1lIG9uIHRoZSBWPQpN LgoKVGhhbmtzLApQYXVsCioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioKTkhTR0cmQyBEaXNjbGFpbWVyCgpU aGUgaW5mb3JtYXRpb24gY29udGFpbmVkIHdpdGhpbiB0aGlzIGUtbWFpbCBhbmQgaW4gYW55IGF0 dGFjaG1lbnQgaXMKY29uZmlkZW50aWFsIGFuZCBtYXkgYmUgcHJpdmlsZWdlZC4gSWYgeW91IGFy ZSBub3QgdGhlIGludGVuZGVkCnJlY2lwaWVudCwgcGxlYXNlIGRlc3Ryb3kgdGhpcyBtZXNzYWdl LCBkZWxldGUgYW55IGNvcGllcyBoZWxkIG9uIHlvdXIKc3lzdGVtcyBhbmQgbm90aWZ5IHRoZSBz ZW5kZXIgaW1tZWRpYXRlbHk7IHlvdSBzaG91bGQgbm90IHJldGFpbiwgY29weQpvciB1c2UgdGhp cyBlLW1haWwgZm9yIGFueSBwdXJwb3NlLCBub3IgZGlzY2xvc2UgYWxsIG9yIGFueSBwYXJ0IG9m IGl0cwpjb250ZW50IHRvIGFueSBvdGhlciBwZXJzb24uCgpBbGwgbWVzc2FnZXMgcGFzc2luZyB0 aHJvdWdoIHRoaXMgZ2F0ZXdheSBhcmUgY2hlY2tlZCBmb3IgdmlydXNlcywgYnV0CndlIHN0cm9u Z2x5IHJlY29tbWVuZCB0aGF0IHlvdSBjaGVjayBmb3IgdmlydXNlcyB1c2luZyB5b3VyIG93biB2 aXJ1cwpzY2FubmVyIGFzIE5IUyBHcmVhdGVyIEdsYXNnb3cgJiBDbHlkZSB3aWxsIG5vdCB0YWtl IHJlc3BvbnNpYmlsaXR5IGZvcgphbnkgZGFtYWdlIGNhdXNlZCBhcyBhIHJlc3VsdCBvZiB2aXJ1 cyBpbmZlY3Rpb24uCgoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKj0KPTIwCgotLV8wMDBfODZCMzUxM0U0QTdC MDY0NTk5MTY3ODE2RDUxOTE4OTY5OERGMzQ2MzIwTEFQUFdHR0NQTUIwNF8KQ29udGVudC1UeXBl OiB0ZXh0L2h0bWw7IGNoYXJzZXQ9InVzLWFzY2lpIgpNSU1FLVZlcnNpb246IDEuMApDb250ZW50 LVRyYW5zZmVyLUVuY29kaW5nOiBxdW90ZWQtcHJpbnRhYmxlCgo8aHRtbCB4bWxuczp2PTNEInVy bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206dm1sIiB4bWxuczpvPTNEInVybjpzY2hlbWFzLW1pY3I9 Cm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4bWxuczp3PTNEInVybjpzY2hlbWFzLW1pY3Jvc29m dC1jb206b2ZmaWNlOndvcmQiID0KeG1sbnM6bT0zRCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQu Y29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPTNEImh0dHA6PQovL3d3dy53My5vcmcvVFIv UkVDLWh0bWw0MCI+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0zRENvbnRlbnQtVHlwZSBjb250ZW50 PQo9M0QidGV4dC9odG1sOyBjaGFyc2V0PTNEdXMtYXNjaWkiPjxtZXRhIG5hbWU9M0RHZW5lcmF0 b3IgY29udGVudD0zRCJNaWNyb3M9Cm9mdCBXb3JkIDE1IChmaWx0ZXJlZCBtZWRpdW0pIj48c3R5 bGU+PCEtLQovKiBGb250IERlZmluaXRpb25zICovCkBmb250LWZhY2UKCXtmb250LWZhbWlseToi Q2FtYnJpYSBNYXRoIjsKCXBhbm9zZS0xOjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQpAZm9udC1mYWNl Cgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsKCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30K LyogU3R5bGUgRGVmaW5pdGlvbnMgKi8KcC5Nc29Ob3JtYWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1z b05vcm1hbAoJe21hcmdpbjowY207CgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7Cglmb250LXNpemU6 MTEuMHB0OwoJZm9udC1mYW1pbHk6IkNhbGlicmkiLCJzYW5zLXNlcmlmIjsKCW1zby1mYXJlYXN0 LWxhbmd1YWdlOkVOLVVTO30KYTpsaW5rLCBzcGFuLk1zb0h5cGVybGluawoJe21zby1zdHlsZS1w cmlvcml0eTo5OTsKCWNvbG9yOiMwNTYzQzE7Cgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30K YTp2aXNpdGVkLCBzcGFuLk1zb0h5cGVybGlua0ZvbGxvd2VkCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5OwoJY29sb3I6Izk1NEY3MjsKCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQpzcGFuLkVt YWlsU3R5bGUxNwoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLWNvbXBvc2U7Cglmb250LWZhbWls eToiQ2FsaWJyaSIsInNhbnMtc2VyaWYiOwoJY29sb3I6d2luZG93dGV4dDt9Ci5Nc29DaHBEZWZh dWx0Cgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7Cglmb250LWZhbWlseToiQ2FsaWJyaSIs InNhbnMtc2VyaWYiOwoJbXNvLWZhcmVhc3QtbGFuZ3VhZ2U6RU4tVVM7fQpAcGFnZSBXb3JkU2Vj dGlvbjEKCXtzaXplOjYxMi4wcHQgNzkyLjBwdDsKCW1hcmdpbjo3Mi4wcHQgNzIuMHB0IDcyLjBw dCA3Mi4wcHQ7fQpkaXYuV29yZFNlY3Rpb24xCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQotLT48L3N0 eWxlPjwhLS1baWYgZ3RlIG1zbyA5XT48eG1sPgo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PTNEImVk aXQiIHNwaWRtYXg9M0QiMTAyNiIgLz4KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNv IDldPjx4bWw+CjxvOnNoYXBlbGF5b3V0IHY6ZXh0PTNEImVkaXQiPgo8bzppZG1hcCB2OmV4dD0z RCJlZGl0IiBkYXRhPTNEIjEiIC8+CjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT48 L2hlYWQ+PGJvZHkgbGFuZz0zREVOLUdCIGxpbms9M0QiIzA1NjNDMT0KIiB2bGluaz0zRCIjOTU0 RjcyIj48ZGl2IGNsYXNzPTNEV29yZFNlY3Rpb24xPjxwIGNsYXNzPTNETXNvTm9ybWFsPkhpLDxv OnA+PQo8L286cD48L3A+PHAgY2xhc3M9M0RNc29Ob3JtYWw+PG86cD4mbmJzcDs8L286cD48L3A+ PHAgY2xhc3M9M0RNc29Ob3JtYWw+VGg9CmlzIGNvdWxkIGJlIGEgYnVnIG9yIGEgY29uZmlndXJh dGlvbiBpc3N1ZSwgSSYjODIxNzttIG5vdCB0b28gc3VyZSB5ZXQuIEF0ID0KdGhlIG1vbWVudCBp ZiBJIGFwcGx5IGdyb3VwIHBlcm1pc3Npb25zIHVzaW5nIHRoZSBQb3dlclVzZXJSb2xlIHRvIHRo ZSBjbHVzPQp0ZXIgaXRzZWxmLCB0aGVuIGFueSBWTXMgY3JlYXRlZCBpbiB0aGUgdXNlciBwb3J0 YWwgYnkgdXNlcnMgaW4gdGhhdCBncm91cCA9CmRvbiYjODIxNzt0IGdldCB0aGUgVXNlclZtTWFu YWdlciByb2xlIGFwcGxpZWQgY29ycmVjdGx5LiBUaGUgdXNlciwgYXV0aG9yaT0KemF0aW9uIHBy b3ZpZGVyIGFuZCBuYW1lc3BhY2UgZmllbGRzIGFyZSBhbGwgYmxhbmsgbWVhbmluZyB0aGF0IFZN IGlzIHZpc2liPQpsZSB0byBhbGwgdXNlcnMgb24gdGhlIHBsYXRmb3JtLjxvOnA+PC9vOnA+PC9w PjxwIGNsYXNzPTNETXNvTm9ybWFsPjxvOnA+Jm49CmJzcDs8L286cD48L3A+PHAgY2xhc3M9M0RN c29Ob3JtYWw+SWYgeW91IGRvIHRoaXMgd2l0aCBpbmRpdmlkdWFsIHVzZXJzJiM4Mj0KMTc7IHBl cm1pc3Npb25zIHRob3VnaCwgaXQgd29ya3MgYXMgZXhwZWN0ZWQgYW5kIHRoZXkgZ2V0IHRoZSBV c2VyVm1NYW5hZ2VyPQogcm9sZSBhc3NpZ25lZCB0byB0aGVpciB1c2VybmFtZSBvbiB0aGUgVk0u PG86cD48L286cD48L3A+PHAgY2xhc3M9M0RNc29Ob3I9Cm1hbD48bzpwPiZuYnNwOzwvbzpwPjwv cD48cCBjbGFzcz0zRE1zb05vcm1hbD5UaGFua3MsPG86cD48L286cD48L3A+PHAgY2xhcz0Kcz0z RE1zb05vcm1hbD5QYXVsPG86cD48L286cD48L3A+PC9kaXY+PHA+KioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqPQoqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqPGJyPgpOSFNHRyZhbXA7QyBEaXNjbGFpbWVyPC9wPgoKPHA+VGhlIGluZm9ybWF0aW9uIGNv bnRhaW5lZCB3aXRoaW4gdGhpcyBlLW1haWwgYW5kIGluIGFueSBhdHRhY2htZW50IGlzPGJyPgpj b25maWRlbnRpYWwgYW5kIG1heSBiZSBwcml2aWxlZ2VkLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50 ZW5kZWQ8YnI+CnJlY2lwaWVudCwgcGxlYXNlIGRlc3Ryb3kgdGhpcyBtZXNzYWdlLCBkZWxldGUg YW55IGNvcGllcyBoZWxkIG9uIHlvdXI8YnI+CnN5c3RlbXMgYW5kIG5vdGlmeSB0aGUgc2VuZGVy IGltbWVkaWF0ZWx5OyB5b3Ugc2hvdWxkIG5vdCByZXRhaW4sIGNvcHk8YnI+Cm9yIHVzZSB0aGlz IGUtbWFpbCBmb3IgYW55IHB1cnBvc2UsIG5vciBkaXNjbG9zZSBhbGwgb3IgYW55IHBhcnQgb2Yg aXRzPGJyPgpjb250ZW50IHRvIGFueSBvdGhlciBwZXJzb24uPC9wPgoKPHA+QWxsIG1lc3NhZ2Vz IHBhc3NpbmcgdGhyb3VnaCB0aGlzIGdhdGV3YXkgYXJlIGNoZWNrZWQgZm9yIHZpcnVzZXMsIGJ1 dDxiPQpyPgp3ZSBzdHJvbmdseSByZWNvbW1lbmQgdGhhdCB5b3UgY2hlY2sgZm9yIHZpcnVzZXMg dXNpbmcgeW91ciBvd24gdmlydXM8YnI+CnNjYW5uZXIgYXMgTkhTIEdyZWF0ZXIgR2xhc2dvdyAm YW1wOyBDbHlkZSB3aWxsIG5vdCB0YWtlIHJlc3BvbnNpYmlsaXR5IGZvcj0KPGJyPgphbnkgZGFt YWdlIGNhdXNlZCBhcyBhIHJlc3VsdCBvZiB2aXJ1cyBpbmZlY3Rpb24uPC9wPgoKPHA+KioqKioq KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqPQoqKiA8L3A+PC9ib2R5PjwvaHRtbD4KLS1fMDAwXzg2QjM1MTNFNEE3QjA2NDU5 OTE2NzgxNkQ1MTkxODk2OThERjM0NjMyMExBUFBXR0dDUE1CMDRfLS0KCg== --===============6335863489565537648==-- From omachace at redhat.com Wed Oct 26 13:54:55 2016 Content-Type: multipart/mixed; boundary="===============3184216050072292230==" MIME-Version: 1.0 From: Ondra Machacek To: users at ovirt.org Subject: Re: [ovirt-users] Group permissions at cluster level Date: Wed, 26 Oct 2016 19:54:52 +0200 Message-ID: <91f3a88b-6172-8367-df45-cdc398c32ede@redhat.com> In-Reply-To: 86B3513E4A7B064599167816D519189698DF346320@LAPPWGGCPMB04.ggc.scot.nhs.uk --===============3184216050072292230== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable On 10/26/2016 04:49 PM, Woodward, Paul wrote: > Hi, > > > > This could be a bug or a configuration issue, I=E2=80=99m not too sure ye= t. At > the moment if I apply group permissions using the PowerUserRole to the > cluster itself, then any VMs created in the user portal by users in that > group don=E2=80=99t get the UserVmManager role applied correctly. The use= r, > authorization provider and namespace fields are all blank meaning that > VM is visible to all users on the platform. Thanks for the report. It's indeed a bug. Can you please report it in = bugzilla here: https://bugzilla.redhat.com/enter_bug.cgi?product=3Dovirt-engine Thank you very much. > > > > If you do this with individual users=E2=80=99 permissions though, it work= s as > expected and they get the UserVmManager role assigned to their username > on the VM. > > > > Thanks, > > Paul > > *************************************************************************= *** > NHSGG&C Disclaimer > > The information contained within this e-mail and in any attachment is > confidential and may be privileged. If you are not the intended > recipient, please destroy this message, delete any copies held on your > systems and notify the sender immediately; you should not retain, copy > or use this e-mail for any purpose, nor disclose all or any part of its > content to any other person. > > All messages passing through this gateway are checked for viruses, but > we strongly recommend that you check for viruses using your own virus > scanner as NHS Greater Glasgow & Clyde will not take responsibility for > any damage caused as a result of virus infection. > > ************************************************************************** > > > > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > --===============3184216050072292230==--