On Wed, 16 May 2018 at 17:21 Peter Hudec <phudec@cnc.sk> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all,

works !! ;) Seems that there is some caching in User Portal.
But there is still a question how could I remove user from the role
everyone ? For example I want to assign only specific vNIC Profiles,
Storage Domains, ...


All users belong to 'everyone', it is a group. A role is bunch of actions you can perform on an Object
Maybe this will help: create new role, assign only the actions you want for it. Then assign this role to your user, on the specific objects you want him to manage.

        Peter

On 16/05/2018 14:57, Aziz wrote:
> Hi All,
>
> Thank you Roy, this is working now as expected, however, I think
> the Edit button, should  be removed for this user, there is no need
> to display the edit button if the user cannot use it to perform
> any operation, am I missing something ?
>
>
> Best regards
>
> On Wed, May 16, 2018 at 9:12 AM, Peter Hudec <phudec@cnc.sk
> <mailto:phudec@cnc.sk>> wrote:
>
> I have found 2 related bug, a little bit older
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1209505
> <https://bugzilla.redhat.com/show_bug.cgi?id=1209505>
> https://bugzilla.redhat.com/show_bug.cgi?id=1225274
> <https://bugzilla.redhat.com/show_bug.cgi?id=1225274>
>
> But these are related only to DiskProfile.
>
> I haven't found any work about 'Everyone' group in documentation,
> so I'm little bit confused why there is such a group.
>
> Peter
>
> On 15/05/2018 23:02, Peter Hudec wrote:
>> Hi,
>
>> I'm fancing the same problem.
>
>> The steps are - create user /tester/ using the
>> ovirt-aaa-jdbc-tool - login as admin into admin portal - add
>> tester user in Administation -> Users - choose one VM and add
>> UserRole role
>
>> - login as testr into User Potal - user could see all VM..
>
>> The problem could be, that the user is part of the group
>> Everyone and this group could be found in Administration ->
>> Configure > System Permissions. When you check the group
>> permisson, it seems to be automatically populated by engine.
>
>> In  my case I[m using default DC, default cluster and 'internal'
>> profile .
>
>> Seems that all engine object is included in Everyone group.
>
>> regards Peter
>
>> On 15/05/2018 22:03, Roy Golan wrote:
>
>
>>> On Tue, 15 May 2018 at 21:47 Aziz <azizgstest@gmail.com
> <mailto:azizgstest@gmail.com>
>>> <mailto:azizgstest@gmail.com <mailto:azizgstest@gmail.com>>>
>>> wrote:
>
>>> Hi Roy,
>
>>> Thanks for your feedback, I'm unable to remove the user from
>>> the cluster, I used the command "|ovirt-aaa-jdbc-tool user
>>> add|" to add the new user, and it seems that by default it took
>>> all permissions over the cluster. Is there any document
>>> describing this feature in details ?
>
>
>
>>> In the webadmin go to Administration -> Configure > System
>>> Permissions. If the user is there, remove him. Then search for
>>> the VM and add permissions to the user on the VM Check your
>>> end result in the 'permisions' section of the VM to see who
>>> has permissions on it.
>
>>> This should be helpful, quite long though
>>>
> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
> <https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
>
>
>
>>>
>>>
>
>> This is for the tool itself
>>>
> https://www.ovirt.org/develop/release-management/features/infra/aaa-j
> <https://www.ovirt.org/develop/release-management/features/infra/aaa-j
>
>
>
d
>
>>>
>>>
> bc/
>
>
>
>
>>> Thanks
>
>>> On Tue, May 15, 2018 at 6:31 PM, Roy Golan <rgolan@redhat.com
> <mailto:rgolan@redhat.com>
>>> <mailto:rgolan@redhat.com <mailto:rgolan@redhat.com>>> wrote:
>
>>> 1. Make sure your users use the VM portal 2. Assign permission
>>> on VM to a certain user to make sure it apears in the portal.
>>> The Role should be VmOperator afaik.
>
>>> Permission set on objects higher in the hierarchy are
>>> cascading, i.e a user with permission on a cluster would have
>>> the permission on the all the vm in cluster.
>
>
>>> On Tue, 15 May 2018 at 20:59 Aziz <azizgstest@gmail.com
> <mailto:azizgstest@gmail.com>
>>> <mailto:azizgstest@gmail.com <mailto:azizgstest@gmail.com>>>
>>> wrote:
>
>>> Hi list,
>
>>> I'm trying to remove the default "everyone" user from Ovirt,
>>> so that each user can have access to its own interface to
>>> manage a unique VM. I wonder if this is possible, because so
>>> far I'm unable to remove everyone user.
>
>>> Thank you
>
>
>>> _______________________________________________ Users mailing
>>> list -- users@ovirt.org <mailto:users@ovirt.org>
> <mailto:users@ovirt.org <mailto:users@ovirt.org>> To unsubscribe
>>> send an email to users-leave@ovirt.org
> <mailto:users-leave@ovirt.org>
>>> <mailto:users-leave@ovirt.org <mailto:users-leave@ovirt.org>>
>
>
>
>
>>> _______________________________________________ Users mailing
>>> list -- users@ovirt.org <mailto:users@ovirt.org> To
>>> unsubscribe
> send an email to
>>> users-leave@ovirt.org <mailto:users-leave@ovirt.org>
>
>
>
>
>
> _______________________________________________ Users mailing list
> -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an
> email to users-leave@ovirt.org <mailto:users-leave@ovirt.org>
>
>

- --
*Peter Hudec*
Infraštruktúrny architekt
phudec@cnc.sk <mailto:phudec@cnc.sk>

*CNC, a.s.*
Borská 6, 841 04 Bratislava
Recepcia: +421 2  35 000 100

Mobil:+421 905 997 203
*www.cnc.sk* <http:///www.cnc.sk>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr8ML4ACgkQQnvVWOJ3
5BAvRQ/+IJqGA6TT/+Pwti39tBHVkXioVUWIIe7RQ2qUgd+OpZJbM/vedrZlqNdj
pStroH9s6eRjDDGxkumGnRyf6vz/hlCdCySg7ge7WHiz+7j2t7rypknO/z4TewTj
bqbUnYwoLH3D9eYBFwB6z8qY2ZfIhZWaylENfsMvt0u/n42ZKUJKUDJcHOD0qG0T
C8E3VMO8tav/feJMrMp9LPBwDe3cgcQimbrgd7TtKJd0XcYgIANsTOpLQI3Sj/ZX
plCO5FyGmHvD1/I3wuF0q2zAz1LqfcGXa+onwt2Jwt6a2wtVGcQFpaiIUkMamL4z
OMtBThQGr9a0C8+gcJzGBK9hGLI/Fxgp9UOpisCt3EoB6+psVP2x0M1jQrbfDYIL
bFRlewJZufy6RsCxvgqAuA60RhkrAUAG8nmaanA2BTIaYtGn5J+REnyvLLUjnrRg
Pva28ld0cW5FoIWasQRRED0MchojgYWFHjURrSLT/i51DlWVRs4cOfphAMJC/ogd
aNDOvUNBO2+WbTGI9xESadMbFO8GNbAlH9b6X16v0OSa0ngh7dykFzz13aQ5e5/0
SRTlE8+LvfXcM4Ehs8LxB/G9juVjo2AvTw16B7p4zFZKaWFf7GUzg1hzTh9muip5
jHRMxzy5YsegWka9AEmjKsGP4rpCgYPidk4AJAdnHyj+bbdK3Mk=
=vcPj
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org