You are looking for this to look like its multi tenant?
I setup CloudSpin to do exactly that. Each user can only see their own VMS.
Do I have your question correct?
Donny D
On Jun 30, 2015 5:27 PM, "David Smith" <dsmith(a)mypchelp.com> wrote:
version 3.5.2-1.el6
using ldap authz; this piece is working OK, and verified OK.
I use the "Everyone" user to provide default permissions; that includes
PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some
VnicProfileUser, DiskProfileUser, etc.
I add a new user in LDAP; and verify LDAP credentials work (ie, log in to
another system that uses the same ldap server)
LDAP confirmed working for *other* ovirt users-- not an LDAP issue as far
as I can tell.
I do *not* specifically add each LDAP user to oVirt, they're added to
"groups" in LDAP, so if they have the right group, they should be able to
authenticate to oVirt and use the system without me adding each user
individually.
In any case the narrowed down problem is this:
If the user doesn't have permissions (UserRole, etc) for *any* VMs,
instead of logging in and getting a blank VM list, they get "User is not
authorized to perform this action."
If I add that specific user to a test placeholder VM, they can log in.
Once they have a VM created, I can erase their user-specific permissions to
that initial test VM and everything works as expected. They are able to log
in, create VMs, etc.
If I remove all permissions for VMs from a user, they get this error.
Expected behavior:
User without any permissions to any VMs should simply get a blank VM list
on login. That way they can create a VM and go from there.
Thanks for any help/suggestions,
David
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users