Re: [ovirt-users] user portal permissions
Hi Jeff
Roles determine two things:
1. What the user can see
2. What the user can do
It is important to know on who is the user, what is the role (UserRole? as you also
mentioned SuperUser?) and on what object(s) was the role granted on.
Assuming it is UserRole, on a specific user, then:
If on a VM, then the user can see/operate on this VM.
If on a Cluster, then the user can see/operate on all the VMs in this cluster.
If on a DC, then the user can see/operate on all the VMs in clusters that are part of this
DC.
If on System, then the user can see/operate on all the VMs in the system.
So the hierarchy is System-->DC-->Cluster-->VM.
I hope this clarifies you question.
Regards,
Oved
----- Original Message -----
From: "Jeff Clay" <jeffclay(a)gmail.com>
To: users(a)ovirt.org
Sent: Monday, May 5, 2014 10:31:53 PM
Subject: [ovirt-users] user portal permissions
For some reason, when logged in as a user with a modifed copy role of
UserRole (only has login permssion and VM -> Basic Operations -> Remote Log
In permission) the user can see all of the VM's and has the ability to open
a console, start, shutdown or suspend any of the VM's. I have verified that
all of the VM's only show the SuperUser role in their permissions. I went
through all of the roles and verified that the user is only a member of the
Copy_of_UserRole. The only thing I can think of is that the user is
inheriting permissions from something, but I can't find what it is or where.
Any suggestions?
Thanks.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users