Re: [ovirt-users] How to protect SHE VM from being deleted in following setup

18 Feb 2018

      ...
On 17 Feb 2018, at 08:22, Vrgotic, Marko <M.Vrgotic@activevideo.com> =
wrote:
=20
Dear oVirt community,
=20
I have SHE on the Gluster (not managed by SHE).
Due to limitations of VM Portal, I have given couple of trusted Users, =
--Apple-Mail=_34F7EAA7-1B12-4558-A1B8-DF7253F127FE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

trimmed down Admin access, so that they can create VMs.
...
=20
However, this does make me bit worried, since the SHE VM could get =
deleted as any other VM in the pool.
Why do you give them permissions to HE VM? You should be able to give =
them creation, but not let them delete VMs they do not own
...
=20
The SHE VM has its own storage pool, but it=E2=80=99s part of same =
Hypervisor Cluster (limitations of available HW), therefore my Users can =
see it and accidentally delete it =E2=80=93 it can happen!
=20
QUESTION: Any advices that could help me protect SHE VM from being =
deleted?
There=E2=80=99s =E2=80=9CDelete Protection=E2=80=9D property for every =
VM, that prevents people from accidentally deleting them. Might be =
enough, messing with permissions might be tricky.

Thanks,
michal
...
=20
Any suggestions, ideas are highly welcome.
=20
Thank you.
=20
Best regards,
Marko Vrgotic
_______________________________________________
Users mailing list
Users@ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users =
<http://lists.ovirt.org/mailman/listinfo/users>
--Apple-Mail=_34F7EAA7-1B12-4558-A1B8-DF7253F127FE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D""><br =
class=3D""><div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D"">On 17 Feb 2018, at 08:22, Vrgotic, Marko <<a =
href=3D"mailto:M.Vrgotic@activevideo.com" =
class=3D"">M.Vrgotic@activevideo.com</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D""><div =
class=3D"WordSection1" style=3D"page: WordSection1; font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style=3D"margin: =
0cm 0cm 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">Dear oVirt =
community,<o:p class=3D""></o:p></span></div><div style=3D"margin: 0cm =
0cm 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""> </o:p></span></div><div style=3D"margin: 0cm 0cm =
0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">I have SHE on the =
Gluster (not managed by SHE).<o:p class=3D""></o:p></span></div><div =
style=3D"margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: =
Calibri, sans-serif;" class=3D""><span style=3D"font-size: 11pt;" =
class=3D"">Due to limitations of VM Portal, I have given couple of =
trusted Users, trimmed down Admin access, so that they can create =
VMs.</span></div></div></div></blockquote><blockquote type=3D"cite" =
class=3D""><div class=3D""><div class=3D"WordSection1" style=3D"page: =
WordSection1; font-family: Helvetica; font-size: 12px; font-style: =
normal; font-variant-caps: normal; font-weight: normal; letter-spacing: =
normal; text-align: start; text-indent: 0px; text-transform: none; =
white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: =
0px;"><div style=3D"margin: 0cm 0cm 0.0001pt; font-size: 12pt; =
font-family: Calibri, sans-serif;" class=3D""><span style=3D"font-size: =
11pt;" class=3D""><o:p class=3D""></o:p></span></div><div style=3D"margin:=
 0cm 0cm 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""> </o:p></span></div><div style=3D"margin: 0cm 0cm =
0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">However, this =
does make me bit worried, since the SHE VM could get deleted as any =
other VM in the pool.</span></div></div></div></blockquote><div><br =
class=3D""></div>Why do you give them permissions to HE VM? You should =
be able to give them creation, but not let them delete VMs they do not =
own</div><div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><div class=3D"WordSection1" style=3D"page: WordSection1; =
font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div =
style=3D"margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: =
Calibri, sans-serif;" class=3D""><span style=3D"font-size: 11pt;" =
class=3D""><o:p class=3D""></o:p></span></div><div style=3D"margin: 0cm =
0cm 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""> </o:p></span></div><div style=3D"margin: 0cm 0cm =
0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">The SHE VM has =
its own storage pool, but it=E2=80=99s part of same Hypervisor Cluster =
(limitations of available HW), therefore my Users can see it and =
accidentally delete it =E2=80=93 it can happen!<o:p =
class=3D""></o:p></span></div><div style=3D"margin: 0cm 0cm 0.0001pt; =
font-size: 12pt; font-family: Calibri, sans-serif;" class=3D""><span =
style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""> </o:p></span></div><div style=3D"margin: 0cm 0cm =
0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">QUESTION: Any =
advices that could help me protect SHE VM from being =
deleted?</span></div></div></div></blockquote><div><br =
class=3D""></div><div><br class=3D""></div>There=E2=80=99s =E2=80=9CDelete=
 Protection=E2=80=9D property for every VM, that prevents people from =
accidentally deleting them. Might be enough, messing with permissions =
might be tricky.</div><div><br =
class=3D""></div><div>Thanks,</div><div>michal<br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div class=3D"WordSection1" =
style=3D"page: WordSection1; font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;"><div style=3D"margin: 0cm 0cm 0.0001pt; =
font-size: 12pt; font-family: Calibri, sans-serif;" class=3D""><span =
style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""></o:p></span></div><div style=3D"margin: 0cm 0cm 0.0001pt; =
font-size: 12pt; font-family: Calibri, sans-serif;" class=3D""><span =
style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""> </o:p></span></div><div style=3D"margin: 0cm 0cm =
0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">Any suggestions, =
ideas are highly welcome.<o:p class=3D""></o:p></span></div><div =
style=3D"margin: 0cm 0cm 0.0001pt; font-size: 12pt; font-family: =
Calibri, sans-serif;" class=3D""><span style=3D"font-size: 11pt;" =
class=3D""><o:p class=3D""> </o:p></span></div><div style=3D"margin: =
0cm 0cm 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">Thank you.<o:p =
class=3D""></o:p></span></div><div style=3D"margin: 0cm 0cm 0.0001pt; =
font-size: 12pt; font-family: Calibri, sans-serif;" class=3D""><span =
style=3D"font-size: 11pt;" class=3D""><o:p =
class=3D""> </o:p></span></div><div style=3D"margin: 0cm 0cm =
0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" =
class=3D""><span style=3D"font-size: 11pt;" class=3D"">Best regards,<o:p =
class=3D""></o:p></span></div><div style=3D"margin: 0cm 0cm 0.0001pt; =
font-size: 12pt; font-family: Calibri, sans-serif;" class=3D""><span =
style=3D"font-size: 11pt;" class=3D"">Marko Vrgotic<o:p =
class=3D""></o:p></span></div></div><span style=3D"font-family: =
Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: =
inline !important;" =
class=3D"">_______________________________________________</span><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span style=3D"font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; text-align: start; text-indent: 0px; =
text-transform: none; white-space: normal; word-spacing: 0px; =
-webkit-text-stroke-width: 0px; float: none; display: inline =
!important;" class=3D"">Users mailing list</span><br style=3D"font-family:=
 Helvetica; font-size: 12px; font-style: normal; font-variant-caps: =
normal; font-weight: normal; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><a =
href=3D"mailto:Users@ovirt.org" style=3D"color: rgb(149, 79, 114); =
text-decoration: underline; font-family: Helvetica; font-size: 12px; =
font-style: normal; font-variant-caps: normal; font-weight: normal; =
letter-spacing: normal; orphans: auto; text-align: start; text-indent: =
0px; text-transform: none; white-space: normal; widows: auto; =
word-spacing: 0px; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px;" class=3D"">Users@ovirt.org</a><br =
style=3D"font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=3D""><a =
href=3D"http://lists.ovirt.org/mailman/listinfo/users" style=3D"color: =
rgb(149, 79, 114); text-decoration: underline; font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: auto; text-align: =
start; text-indent: 0px; text-transform: none; white-space: normal; =
widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; =
-webkit-text-stroke-width: 0px;" =
class=3D"">http://lists.ovirt.org/mailman/listinfo/users</a></div></blockq=
uote></div><br class=3D""></body></html>=

--Apple-Mail=_34F7EAA7-1B12-4558-A1B8-DF7253F127FE--

Re: [ovirt-users] How to protect SHE VM from being deleted in following setup

Michal Skrivanek