Sorry, there was an another one: UserProfileEditor on (System) which someone mistakenly granted probably, but removing it makes no difference, user still sees the Expanded tab. There are no groups in this system. In short, these permissions are inherited from Everyone:

UserTemplateBasedVm

CpuProfileOperator

VnicProfileUser

And these are granted explicitly on objects:

UserRole (on a VM Pool)

UserRole (on a VM of the VM Pool)

2016-03-19 7:22 GMT+00:00 Oved Ourfali <oourfali@redhat.com>:

As far as I remember you're right.
Are you sure these are the only permissions? Maybe something inherited from a group?
I can check the code next week to make sure nothing has changed.

On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hurts@gmail.com> wrote:
Hi,

This is oVirt 3.6.3.4, and I have a user with the following permissions.

Role | Object | Inherited permission
UserTemplateBasedVm | Small (VM Template) | Everyone
UserTemplateBasedVm | Medium (VM Template) | Everyone
UserTemplateBasedVm | Large (VM Template) | Everyone
UserTemplateBasedVm | XLarge (VM Template) | Everyone
UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone
UserTemplateBasedVm | centos-7 (VM Template) | Everyone
CpuProfileOperator | Default (CpuProfile) | Everyone
VnicProfileUser | LAN1 (Vnic Profile) | Everyone
VnicProfileUser | LAN2 (Vnic Profile) | Everyone
UserRole | instance (VM Pool) |
UserRole | instance-6 (VM) |

This user can see the Extended tab when logged in to the User panel. However AFAIK only PowerUserRole grants access to that tab. Which permission(s) is allowing the user to see the tab?

Thanks

James

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users