I have been trying to get this worked out myself.

Firstly someone with a system permission will be able to see things from the system level. I have been adding the permission at the cluster level, but I also just can't seem to figure out the user portal in 4.2. they can either see it all or nothing, even vms they create.

I have been using the permissions from this post to no avail.
These permissions have worked fine since 3.x days

http://lists.ovirt.org/pipermail/users/2015-January/030981.html



On Jan 25, 2018 11:57 AM, "carl langlois" <crl.langlois@gmail.com> wrote:
Hi all,

In 4.1 i was able to assign 1 user to one VM and in the user portal that same user was only seeing this specific VM. But with 4.2 i have trouble with permission. 

The way i add permission to a specific user is go click on the VM in the admin portal, then go in permission and add the user(active directory user). If i log back with this user on the user portal i do not see the VM that was given the permission. 
But if i add the same user in the system permission tab in the admin portal and give it the UserRole and log back to the user portal, now he can see all the VM but i only want the user to see is vm not all others ... 

there is a difference when the is add from the two different place.. is the attribute :
when add from the sytem permission it add the (System) in the inherited permission colum,
when add from the VM permission tab it does not have that..


Any hints would appreciated.

Carl

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users