-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I'm fancing the same problem. The steps are - - create user /tester/ using the ovirt-aaa-jdbc-tool - - login as admin into admin portal - - add tester user in Administation -> Users - - choose one VM and add UserRole role - - login as testr into User Potal - - user could see all VM.. The problem could be, that the user is part of the group Everyone and this group could be found in Administration -> Configure > System Permissions. When you check the group permisson, it seems to be automatically populated by engine. In my case I[m using default DC, default cluster and 'internal' profile . Seems that all engine object is included in Everyone group. regards Peter On 15/05/2018 22:03, Roy Golan wrote:
On Tue, 15 May 2018 at 21:47 Aziz <azizgstest@gmail.com <mailto:azizgstest@gmail.com>> wrote:
Hi Roy,
Thanks for your feedback, I'm unable to remove the user from the cluster, I used the command "|ovirt-aaa-jdbc-tool user add|" to add the new user, and it seems that by default it took all permissions over the cluster. Is there any document describing this feature in details ?
In the webadmin go to Administration -> Configure > System Permissions. If the user is there, remove him. Then search for the VM and add permissions to the user on the VM Check your end result in the 'permisions' section of the VM to see who has permissions on it.
This should be helpful, quite long though https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
This is for the tool itself
https://www.ovirt.org/develop/release-management/features/infra/aaa-jd bc/
Thanks
On Tue, May 15, 2018 at 6:31 PM, Roy Golan <rgolan@redhat.com <mailto:rgolan@redhat.com>> wrote:
1. Make sure your users use the VM portal 2. Assign permission on VM to a certain user to make sure it apears in the portal. The Role should be VmOperator afaik.
Permission set on objects higher in the hierarchy are cascading, i.e a user with permission on a cluster would have the permission on the all the vm in cluster.
On Tue, 15 May 2018 at 20:59 Aziz <azizgstest@gmail.com <mailto:azizgstest@gmail.com>> wrote:
Hi list,
I'm trying to remove the default "everyone" user from Ovirt, so that each user can have access to its own interface to manage a unique VM. I wonder if this is possible, because so far I'm unable to remove everyone user.
Thank you
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org>
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org
- -- *Peter Hudec* Infraštruktúrny architekt phudec@cnc.sk <mailto:phudec@cnc.sk> *CNC, a.s.* Borská 6, 841 04 Bratislava Recepcia: +421 2 35 000 100 Mobil:+421 905 997 203 *www.cnc.sk* <http:///www.cnc.sk> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr7StYACgkQQnvVWOJ3 5BCYbQ//WiZTpgyHY6eD3kjtoomYu6UiuKCXYD0uhezUVFV7zROk85jp7BcoU847 MVRMKcu/5YOMBWyXpVy27OtQwCcquz5aChreYUH8zaPlH3O3qkf2ohziKsXlMAol /75g+Ha+Zyueuv7afx+UIxgaDv7tkGWEnrXn5LBxuQjZqq1NLDMueQaD/fPwPlw+ SRXo4nGnvnsKIZGjsX+Otd73l8JlCr0apzYYC2KOHhM1Tfw2fRphPDk/zLOvjv2X sxKrIWsK7OgBt5lDG0rzVj/qdf4SnsxXgbgvo03yc0MwBBX+NLRmwOLUjFiovze+ NwPuos87Iwo3Dv+wJ1oxYkAGgjl0t+TxbJP6SMwAH1g7T1jvA/aCeC/Bk7RXPldL pI+cAqvNtNfidxx7CyKjgKn4MA3dT9lq95FOV1CgMP4xQcliqofOeZrW93dvDnE8 LBlni7okv1xjw3rj6MTjdkSCN+Hh8L5GY+WbZbx5An5aCVdkYjTNw0K5UWbBNxua fAJKBf5UidYXjxSHxgE21JKscX0wzZUOtGn11qmXp/zAwvfn4yfIQzJiii2XCIZT J9mcyb1084bGlK86wrRNLRMDAVkN4Rh3cWY2NRhe8hKpjOCqWC88QkmTi4SXjMRy L/cOC+ea5/by1gCE5xKinaHNZaZDM/3rBYJW2HxJkCzdOBwxxIQ= =cvu1 -----END PGP SIGNATURE-----