-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi all, works !! ;) Seems that there is some caching in User Portal. But there is still a question how could I remove user from the role everyone ? For example I want to assign only specific vNIC Profiles, Storage Domains, ... Peter On 16/05/2018 14:57, Aziz wrote:
Hi All,
Thank you Roy, this is working now as expected, however, I think the Edit button, should be removed for this user, there is no need to display the edit button if the user cannot use it to perform any operation, am I missing something ?
Best regards
On Wed, May 16, 2018 at 9:12 AM, Peter Hudec <phudec@cnc.sk <mailto:phudec@cnc.sk>> wrote:
I have found 2 related bug, a little bit older
https://bugzilla.redhat.com/show_bug.cgi?id=1209505 <https://bugzilla.redhat.com/show_bug.cgi?id=1209505> https://bugzilla.redhat.com/show_bug.cgi?id=1225274 <https://bugzilla.redhat.com/show_bug.cgi?id=1225274>
But these are related only to DiskProfile.
I haven't found any work about 'Everyone' group in documentation, so I'm little bit confused why there is such a group.
Peter
On 15/05/2018 23:02, Peter Hudec wrote:
Hi,
I'm fancing the same problem.
The steps are - create user /tester/ using the ovirt-aaa-jdbc-tool - login as admin into admin portal - add tester user in Administation -> Users - choose one VM and add UserRole role
- login as testr into User Potal - user could see all VM..
The problem could be, that the user is part of the group Everyone and this group could be found in Administration -> Configure > System Permissions. When you check the group permisson, it seems to be automatically populated by engine.
In my case I[m using default DC, default cluster and 'internal' profile .
Seems that all engine object is included in Everyone group.
regards Peter
On 15/05/2018 22:03, Roy Golan wrote:
On Tue, 15 May 2018 at 21:47 Aziz <azizgstest@gmail.com <mailto:azizgstest@gmail.com> <mailto:azizgstest@gmail.com <mailto:azizgstest@gmail.com>>> wrote:
Hi Roy,
Thanks for your feedback, I'm unable to remove the user from the cluster, I used the command "|ovirt-aaa-jdbc-tool user add|" to add the new user, and it seems that by default it took all permissions over the cluster. Is there any document describing this feature in details ?
In the webadmin go to Administration -> Configure > System Permissions. If the user is there, remove him. Then search for the VM and add permissions to the user on the VM Check your end result in the 'permisions' section of the VM to see who has permissions on it.
This should be helpful, quite long though
https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/ <https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
This is for the tool itself
https://www.ovirt.org/develop/release-management/features/infra/aaa-j <https://www.ovirt.org/develop/release-management/features/infra/aaa-j
d
bc/
Thanks
On Tue, May 15, 2018 at 6:31 PM, Roy Golan <rgolan@redhat.com <mailto:rgolan@redhat.com> <mailto:rgolan@redhat.com <mailto:rgolan@redhat.com>>> wrote:
1. Make sure your users use the VM portal 2. Assign permission on VM to a certain user to make sure it apears in the portal. The Role should be VmOperator afaik.
Permission set on objects higher in the hierarchy are cascading, i.e a user with permission on a cluster would have the permission on the all the vm in cluster.
On Tue, 15 May 2018 at 20:59 Aziz <azizgstest@gmail.com <mailto:azizgstest@gmail.com> <mailto:azizgstest@gmail.com <mailto:azizgstest@gmail.com>>> wrote:
Hi list,
I'm trying to remove the default "everyone" user from Ovirt, so that each user can have access to its own interface to manage a unique VM. I wonder if this is possible, because so far I'm unable to remove everyone user.
Thank you
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> <mailto:users@ovirt.org <mailto:users@ovirt.org>> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> <mailto:users-leave@ovirt.org <mailto:users-leave@ovirt.org>>
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org>
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org>
- -- *Peter Hudec* Infraštruktúrny architekt phudec@cnc.sk <mailto:phudec@cnc.sk> *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2 35 000 100 Mobil:+421 905 997 203 *www.cnc.sk* <http:///www.cnc.sk> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr8ML4ACgkQQnvVWOJ3 5BAvRQ/+IJqGA6TT/+Pwti39tBHVkXioVUWIIe7RQ2qUgd+OpZJbM/vedrZlqNdj pStroH9s6eRjDDGxkumGnRyf6vz/hlCdCySg7ge7WHiz+7j2t7rypknO/z4TewTj bqbUnYwoLH3D9eYBFwB6z8qY2ZfIhZWaylENfsMvt0u/n42ZKUJKUDJcHOD0qG0T C8E3VMO8tav/feJMrMp9LPBwDe3cgcQimbrgd7TtKJd0XcYgIANsTOpLQI3Sj/ZX plCO5FyGmHvD1/I3wuF0q2zAz1LqfcGXa+onwt2Jwt6a2wtVGcQFpaiIUkMamL4z OMtBThQGr9a0C8+gcJzGBK9hGLI/Fxgp9UOpisCt3EoB6+psVP2x0M1jQrbfDYIL bFRlewJZufy6RsCxvgqAuA60RhkrAUAG8nmaanA2BTIaYtGn5J+REnyvLLUjnrRg Pva28ld0cW5FoIWasQRRED0MchojgYWFHjURrSLT/i51DlWVRs4cOfphAMJC/ogd aNDOvUNBO2+WbTGI9xESadMbFO8GNbAlH9b6X16v0OSa0ngh7dykFzz13aQ5e5/0 SRTlE8+LvfXcM4Ehs8LxB/G9juVjo2AvTw16B7p4zFZKaWFf7GUzg1hzTh9muip5 jHRMxzy5YsegWka9AEmjKsGP4rpCgYPidk4AJAdnHyj+bbdK3Mk= =vcPj -----END PGP SIGNATURE-----