From omachace at redhat.com Mon Oct 26 09:57:26 2015
Content-Type: multipart/mixed; boundary="===============0582922467264999674=="
MIME-Version: 1.0
From: Ondra Machacek <omachace at redhat.com>
To: users at ovirt.org
Subject: Re: [ovirt-users] api access with poweruser role
Date: Mon, 26 Oct 2015 14:57:23 +0100
Message-ID: <562E3143.4010600@redhat.com>
In-Reply-To: 562E3075.5050203@netbulae.eu

--===============0582922467264999674==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format.
--------------080300010909040801050005
Content-Type: text/plain; charset=3Dwindows-1252; format=3Dflowed
Content-Transfer-Encoding: 7bit



On 10/26/2015 02:53 PM, Jorick Astrego wrote:
> Hi,
>
> Currently I'm trying to add an ovirt compute resource in forman that =

> is limited to the VM's of the user.
>
> When I give this user the PowerUser role, I cannot access the api:
>
>     query execution failed due to insufficient permissions
>

Are you sending header 'Filter: true' with the request ?
If your user is not admin(PowerUserRole is not admin role),
you have to use this header.

>
> When I give this user the SuperUser role, I can access the api. But I =

> can see all the VM's of all users.
>
> How can I grant api access so the user can deploy through forman =

> without giving access to all the vm's in our oVirt environment?
>
> Kind regards,
>
> Jorick
>
>
>
>
> Met vriendelijke groet, With kind regards,
>
> Jorick Astrego
> *
> Netbulae Virtualization Experts *
> ------------------------------------------------------------------------
> Tel: 053 20 30 270 	info(a)netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
> Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users


--------------080300010909040801050005
Content-Type: text/html; charset=3Dwindows-1252
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content=3D"text/html; charset=3Dwindows-1252"
      http-equiv=3D"Content-Type">
  </head>
  <body bgcolor=3D"#FFFFFF" text=3D"#000000">
    <br>
    <br>
    <div class=3D"moz-cite-prefix">On 10/26/2015 02:53 PM, Jorick Astrego
      wrote:<br>
    </div>
    <blockquote cite=3D"mid:562E3075.5050203(a)netbulae.eu" type=3D"cite">
      <meta http-equiv=3D"content-type" content=3D"text/html;
        charset=3Dwindows-1252">
      Hi,<br>
      <br>
      Currently I'm trying to add an ovirt compute resource in forman
      that is limited to the VM's of the user. <br>
      <br>
      When I give this user the PowerUser role, I cannot access the api:<br>
      <br>
      <blockquote>query execution failed due to insufficient permissions<br>
      </blockquote>
    </blockquote>
    <br>
    Are you sending header 'Filter: true' with the request ?<br>
    If your user is not admin(PowerUserRole is not admin role),<br>
    you have to use this header.<br>
    <br>
    <blockquote cite=3D"mid:562E3075.5050203(a)netbulae.eu" type=3D"cite">
      <blockquote> <br>
      </blockquote>
      When I give this user the SuperUser role, I can access the api.
      But I can see all the VM's of all users.<br>
      <br>
      How can I grant api access so the user can deploy through forman
      without giving access to all the vm's in our oVirt environment?<br>
      <br>
      Kind regards,<br>
      <br>
      Jorick<br>
      <br>
      <br>
      <br>
      <br>
      <span style=3D"color:#604c78;"><font color=3D"000000"><span
            style=3D"mso-fareast-language:en-gb;" lang=3D"NL">Met
            vriendelijke groet, With kind regards,<br>
            <br>
            Jorick Astrego<br>
          </span></font></span><b style=3D"color:#604c78"><br>
        Netbulae Virtualization Experts </b><br>
      <hr style=3D"border:none;border-top:1px solid #ccc;">
      <table style=3D"width: 522px">
        <tbody>
          <tr>
            <td style=3D"width: 130px;font-size: 10px">Tel: 053 20 30 270</=
td>
            <td style=3D"width: 130px;font-size: 10px"><a class=3D"moz-txt-=
link-abbreviated" href=3D"mailto:info(a)netbulae.eu">info(a)netbulae.eu</a>=
</td>
            <td style=3D"width: 130px;font-size: 10px">Staalsteden 4-3A</td>
            <td style=3D"width: 130px;font-size: 10px">KvK 08198180</td>
          </tr>
          <tr>
            <td style=3D"width: 130px;font-size: 10px">Fax: 053 20 30 271</=
td>
            <td style=3D"width: 130px;font-size: 10px"><a class=3D"moz-txt-=
link-abbreviated" href=3D"http://www.netbulae.eu">www.netbulae.eu</a></td>
            <td style=3D"width: 130px;font-size: 10px">7547 TA Enschede</td>
            <td style=3D"width: 130px;font-size: 10px">BTW NL821234584B01</=
td>
          </tr>
        </tbody>
      </table>
      <br>
      <hr style=3D"border:none;border-top:1px solid #ccc;"><br>
      <br>
      <fieldset class=3D"mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap=3D"">_______________________________________________
Users mailing list
<a class=3D"moz-txt-link-abbreviated" href=3D"mailto:Users(a)ovirt.org">Use=
rs(a)ovirt.org</a>
<a class=3D"moz-txt-link-freetext" href=3D"http://lists.ovirt.org/mailman/l=
istinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------080300010909040801050005--

--===============0582922467264999674==
Content-Type: multipart/alternative
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.bin"

VGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC4KLS0tLS0tLS0tLS0t
LS0wODAzMDAwMTA5MDkwNDA4MDEwNTAwMDUKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFy
c2V0PXdpbmRvd3MtMTI1MjsgZm9ybWF0PWZsb3dlZApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5n
OiA3Yml0CgoKCk9uIDEwLzI2LzIwMTUgMDI6NTMgUE0sIEpvcmljayBBc3RyZWdvIHdyb3RlOgo+
IEhpLAo+Cj4gQ3VycmVudGx5IEknbSB0cnlpbmcgdG8gYWRkIGFuIG92aXJ0IGNvbXB1dGUgcmVz
b3VyY2UgaW4gZm9ybWFuIHRoYXQgCj4gaXMgbGltaXRlZCB0byB0aGUgVk0ncyBvZiB0aGUgdXNl
ci4KPgo+IFdoZW4gSSBnaXZlIHRoaXMgdXNlciB0aGUgUG93ZXJVc2VyIHJvbGUsIEkgY2Fubm90
IGFjY2VzcyB0aGUgYXBpOgo+Cj4gICAgIHF1ZXJ5IGV4ZWN1dGlvbiBmYWlsZWQgZHVlIHRvIGlu
c3VmZmljaWVudCBwZXJtaXNzaW9ucwo+CgpBcmUgeW91IHNlbmRpbmcgaGVhZGVyICdGaWx0ZXI6
IHRydWUnIHdpdGggdGhlIHJlcXVlc3QgPwpJZiB5b3VyIHVzZXIgaXMgbm90IGFkbWluKFBvd2Vy
VXNlclJvbGUgaXMgbm90IGFkbWluIHJvbGUpLAp5b3UgaGF2ZSB0byB1c2UgdGhpcyBoZWFkZXIu
Cgo+Cj4gV2hlbiBJIGdpdmUgdGhpcyB1c2VyIHRoZSBTdXBlclVzZXIgcm9sZSwgSSBjYW4gYWNj
ZXNzIHRoZSBhcGkuIEJ1dCBJIAo+IGNhbiBzZWUgYWxsIHRoZSBWTSdzIG9mIGFsbCB1c2Vycy4K
Pgo+IEhvdyBjYW4gSSBncmFudCBhcGkgYWNjZXNzIHNvIHRoZSB1c2VyIGNhbiBkZXBsb3kgdGhy
b3VnaCBmb3JtYW4gCj4gd2l0aG91dCBnaXZpbmcgYWNjZXNzIHRvIGFsbCB0aGUgdm0ncyBpbiBv
dXIgb1ZpcnQgZW52aXJvbm1lbnQ/Cj4KPiBLaW5kIHJlZ2FyZHMsCj4KPiBKb3JpY2sKPgo+Cj4K
Pgo+IE1ldCB2cmllbmRlbGlqa2UgZ3JvZXQsIFdpdGgga2luZCByZWdhcmRzLAo+Cj4gSm9yaWNr
IEFzdHJlZ28KPiAqCj4gTmV0YnVsYWUgVmlydHVhbGl6YXRpb24gRXhwZXJ0cyAqCj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tCj4gVGVsOiAwNTMgMjAgMzAgMjcwIAlpbmZvQG5ldGJ1bGFlLmV1IAlTdGFhbHN0
ZWRlbiA0LTNBIAlLdksgMDgxOTgxODAKPiBGYXg6IDA1MyAyMCAzMCAyNzEgCXd3dy5uZXRidWxh
ZS5ldSAJNzU0NyBUQSBFbnNjaGVkZSAJQlRXIE5MODIxMjM0NTg0QjAxCj4KPgo+IC0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQo+Cj4KPgo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fCj4gVXNlcnMgbWFpbGluZyBsaXN0Cj4gVXNlcnNAb3ZpcnQub3JnCj4gaHR0cDovL2xp
c3RzLm92aXJ0Lm9yZy9tYWlsbWFuL2xpc3RpbmZvL3VzZXJzCgoKLS0tLS0tLS0tLS0tLS0wODAz
MDAwMTA5MDkwNDA4MDEwNTAwMDUKQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9d2lu
ZG93cy0xMjUyCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IDdiaXQKCjxodG1sPgogIDxoZWFk
PgogICAgPG1ldGEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXdpbmRvd3MtMTI1MiIKICAg
ICAgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIj4KICA8L2hlYWQ+CiAgPGJvZHkgYmdjb2xvcj0i
I0ZGRkZGRiIgdGV4dD0iIzAwMDAwMCI+CiAgICA8YnI+CiAgICA8YnI+CiAgICA8ZGl2IGNsYXNz
PSJtb3otY2l0ZS1wcmVmaXgiPk9uIDEwLzI2LzIwMTUgMDI6NTMgUE0sIEpvcmljayBBc3RyZWdv
CiAgICAgIHdyb3RlOjxicj4KICAgIDwvZGl2PgogICAgPGJsb2NrcXVvdGUgY2l0ZT0ibWlkOjU2
MkUzMDc1LjUwNTAyMDNAbmV0YnVsYWUuZXUiIHR5cGU9ImNpdGUiPgogICAgICA8bWV0YSBodHRw
LWVxdWl2PSJjb250ZW50LXR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsKICAgICAgICBjaGFyc2V0
PXdpbmRvd3MtMTI1MiI+CiAgICAgIEhpLDxicj4KICAgICAgPGJyPgogICAgICBDdXJyZW50bHkg
SSdtIHRyeWluZyB0byBhZGQgYW4gb3ZpcnQgY29tcHV0ZSByZXNvdXJjZSBpbiBmb3JtYW4KICAg
ICAgdGhhdCBpcyBsaW1pdGVkIHRvIHRoZSBWTSdzIG9mIHRoZSB1c2VyLiA8YnI+CiAgICAgIDxi
cj4KICAgICAgV2hlbiBJIGdpdmUgdGhpcyB1c2VyIHRoZSBQb3dlclVzZXIgcm9sZSwgSSBjYW5u
b3QgYWNjZXNzIHRoZSBhcGk6PGJyPgogICAgICA8YnI+CiAgICAgIDxibG9ja3F1b3RlPnF1ZXJ5
IGV4ZWN1dGlvbiBmYWlsZWQgZHVlIHRvIGluc3VmZmljaWVudCBwZXJtaXNzaW9uczxicj4KICAg
ICAgPC9ibG9ja3F1b3RlPgogICAgPC9ibG9ja3F1b3RlPgogICAgPGJyPgogICAgQXJlIHlvdSBz
ZW5kaW5nIGhlYWRlciAnRmlsdGVyOiB0cnVlJyB3aXRoIHRoZSByZXF1ZXN0ID88YnI+CiAgICBJ
ZiB5b3VyIHVzZXIgaXMgbm90IGFkbWluKFBvd2VyVXNlclJvbGUgaXMgbm90IGFkbWluIHJvbGUp
LDxicj4KICAgIHlvdSBoYXZlIHRvIHVzZSB0aGlzIGhlYWRlci48YnI+CiAgICA8YnI+CiAgICA8
YmxvY2txdW90ZSBjaXRlPSJtaWQ6NTYyRTMwNzUuNTA1MDIwM0BuZXRidWxhZS5ldSIgdHlwZT0i
Y2l0ZSI+CiAgICAgIDxibG9ja3F1b3RlPiA8YnI+CiAgICAgIDwvYmxvY2txdW90ZT4KICAgICAg
V2hlbiBJIGdpdmUgdGhpcyB1c2VyIHRoZSBTdXBlclVzZXIgcm9sZSwgSSBjYW4gYWNjZXNzIHRo
ZSBhcGkuCiAgICAgIEJ1dCBJIGNhbiBzZWUgYWxsIHRoZSBWTSdzIG9mIGFsbCB1c2Vycy48YnI+
CiAgICAgIDxicj4KICAgICAgSG93IGNhbiBJIGdyYW50IGFwaSBhY2Nlc3Mgc28gdGhlIHVzZXIg
Y2FuIGRlcGxveSB0aHJvdWdoIGZvcm1hbgogICAgICB3aXRob3V0IGdpdmluZyBhY2Nlc3MgdG8g
YWxsIHRoZSB2bSdzIGluIG91ciBvVmlydCBlbnZpcm9ubWVudD88YnI+CiAgICAgIDxicj4KICAg
ICAgS2luZCByZWdhcmRzLDxicj4KICAgICAgPGJyPgogICAgICBKb3JpY2s8YnI+CiAgICAgIDxi
cj4KICAgICAgPGJyPgogICAgICA8YnI+CiAgICAgIDxicj4KICAgICAgPHNwYW4gc3R5bGU9ImNv
bG9yOiM2MDRjNzg7Ij48Zm9udCBjb2xvcj0iMDAwMDAwIj48c3BhbgogICAgICAgICAgICBzdHls
ZT0ibXNvLWZhcmVhc3QtbGFuZ3VhZ2U6ZW4tZ2I7IiBsYW5nPSJOTCI+TWV0CiAgICAgICAgICAg
IHZyaWVuZGVsaWprZSBncm9ldCwgV2l0aCBraW5kIHJlZ2FyZHMsPGJyPgogICAgICAgICAgICA8
YnI+CiAgICAgICAgICAgIEpvcmljayBBc3RyZWdvPGJyPgogICAgICAgICAgPC9zcGFuPjwvZm9u
dD48L3NwYW4+PGIgc3R5bGU9ImNvbG9yOiM2MDRjNzgiPjxicj4KICAgICAgICBOZXRidWxhZSBW
aXJ0dWFsaXphdGlvbiBFeHBlcnRzIDwvYj48YnI+CiAgICAgIDxociBzdHlsZT0iYm9yZGVyOm5v
bmU7Ym9yZGVyLXRvcDoxcHggc29saWQgI2NjYzsiPgogICAgICA8dGFibGUgc3R5bGU9IndpZHRo
OiA1MjJweCI+CiAgICAgICAgPHRib2R5PgogICAgICAgICAgPHRyPgogICAgICAgICAgICA8dGQg
c3R5bGU9IndpZHRoOiAxMzBweDtmb250LXNpemU6IDEwcHgiPlRlbDogMDUzIDIwIDMwIDI3MDwv
dGQ+CiAgICAgICAgICAgIDx0ZCBzdHlsZT0id2lkdGg6IDEzMHB4O2ZvbnQtc2l6ZTogMTBweCI+
PGEgY2xhc3M9Im1vei10eHQtbGluay1hYmJyZXZpYXRlZCIgaHJlZj0ibWFpbHRvOmluZm9AbmV0
YnVsYWUuZXUiPmluZm9AbmV0YnVsYWUuZXU8L2E+PC90ZD4KICAgICAgICAgICAgPHRkIHN0eWxl
PSJ3aWR0aDogMTMwcHg7Zm9udC1zaXplOiAxMHB4Ij5TdGFhbHN0ZWRlbiA0LTNBPC90ZD4KICAg
ICAgICAgICAgPHRkIHN0eWxlPSJ3aWR0aDogMTMwcHg7Zm9udC1zaXplOiAxMHB4Ij5LdksgMDgx
OTgxODA8L3RkPgogICAgICAgICAgPC90cj4KICAgICAgICAgIDx0cj4KICAgICAgICAgICAgPHRk
IHN0eWxlPSJ3aWR0aDogMTMwcHg7Zm9udC1zaXplOiAxMHB4Ij5GYXg6IDA1MyAyMCAzMCAyNzE8
L3RkPgogICAgICAgICAgICA8dGQgc3R5bGU9IndpZHRoOiAxMzBweDtmb250LXNpemU6IDEwcHgi
PjxhIGNsYXNzPSJtb3otdHh0LWxpbmstYWJicmV2aWF0ZWQiIGhyZWY9Imh0dHA6Ly93d3cubmV0
YnVsYWUuZXUiPnd3dy5uZXRidWxhZS5ldTwvYT48L3RkPgogICAgICAgICAgICA8dGQgc3R5bGU9
IndpZHRoOiAxMzBweDtmb250LXNpemU6IDEwcHgiPjc1NDcgVEEgRW5zY2hlZGU8L3RkPgogICAg
ICAgICAgICA8dGQgc3R5bGU9IndpZHRoOiAxMzBweDtmb250LXNpemU6IDEwcHgiPkJUVyBOTDgy
MTIzNDU4NEIwMTwvdGQ+CiAgICAgICAgICA8L3RyPgogICAgICAgIDwvdGJvZHk+CiAgICAgIDwv
dGFibGU+CiAgICAgIDxicj4KICAgICAgPGhyIHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9w
OjFweCBzb2xpZCAjY2NjOyI+PGJyPgogICAgICA8YnI+CiAgICAgIDxmaWVsZHNldCBjbGFzcz0i
bWltZUF0dGFjaG1lbnRIZWFkZXIiPjwvZmllbGRzZXQ+CiAgICAgIDxicj4KICAgICAgPHByZSB3
cmFwPSIiPl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fClVz
ZXJzIG1haWxpbmcgbGlzdAo8YSBjbGFzcz0ibW96LXR4dC1saW5rLWFiYnJldmlhdGVkIiBocmVm
PSJtYWlsdG86VXNlcnNAb3ZpcnQub3JnIj5Vc2Vyc0BvdmlydC5vcmc8L2E+CjxhIGNsYXNzPSJt
b3otdHh0LWxpbmstZnJlZXRleHQiIGhyZWY9Imh0dHA6Ly9saXN0cy5vdmlydC5vcmcvbWFpbG1h
bi9saXN0aW5mby91c2VycyI+aHR0cDovL2xpc3RzLm92aXJ0Lm9yZy9tYWlsbWFuL2xpc3RpbmZv
L3VzZXJzPC9hPgo8L3ByZT4KICAgIDwvYmxvY2txdW90ZT4KICAgIDxicj4KICA8L2JvZHk+Cjwv
aHRtbD4KCi0tLS0tLS0tLS0tLS0tMDgwMzAwMDEwOTA5MDQwODAxMDUwMDA1LS0K

--===============0582922467264999674==--