
Thanks, that clarifies quite a bit. The permissions are being applied to "System" for the regular UserRole, but I don't see where to define what objects the roles are assigned to.

On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo@redhat.com> wrote:
Hi Jeff

Roles determine two things:
1. What the user can see
2. What the user can do

It is important to know who the user is, what the role is (UserRole? as you also mentioned SuperUser?) and on what object(s) the role was granted.

Assuming it is UserRole, on a specific user, then:
If on a VM, then the user can see/operate on this VM.
If on a Cluster, then the user can see/operate on all the VMs in this cluster.
If on a DC, then the user can see/operate on all the VMs in clusters that are part of this DC.
If on System, then the user can see/operate on all the VMs in the system.

So the hierarchy is System-->DC-->Cluster-->VM. I hope this clarifies your question.

Regards,
Oved
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com>
To: users@ovirt.org
Sent: Monday, May 5, 2014 10:31:53 PM
Subject: [ovirt-users] user portal permissions

For some reason, when logged in as a user with a modified copy role of UserRole (only has login permission and VM -> Basic Operations -> Remote Log In permission) the user can see all of the VM's and has the ability to open a console, start, shutdown or suspend any of the VM's. I have verified that all of the VM's only show the SuperUser role in their permissions. I went through all of the roles and verified that the user is only a member of the Copy_of_UserRole. The only thing I can think of is that the user is inheriting permissions from something, but I can't find what it is or where. Any suggestions?
Thanks.
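
The inheritance rule described in the thread (System-->DC-->Cluster-->VM), as an added example that is not part of the original messages and is not oVirt code or the oVirt API: a small Python model that reports which grant makes a VM visible to a user and where in the hierarchy that grant sits. The object names, user names and the grants list are constructed sample data.

```python
# Illustrative model only: not oVirt code. All names below are constructed.

# child -> containing object, following System --> DC --> Cluster --> VM
PARENT = {
    "dc1": "System",
    "cluster1": "dc1",
    "cluster2": "dc1",
    "vm-web": "cluster1",
    "vm-db": "cluster2",
}

# (user, role, object the role was granted on)
GRANTS = [
    ("jeff_test", "Copy_of_UserRole", "System"),  # the situation in the thread
    ("alice", "UserRole", "cluster1"),
    ("bob", "UserRole", "vm-db"),
]


def ancestry(obj):
    """Yield obj, then each containing object up to System."""
    while obj is not None:
        yield obj
        obj = PARENT.get(obj)


def effective_grants(user, obj, grants=GRANTS):
    """Return (role, granted_on, inherited) for every grant reaching obj."""
    chain = set(ancestry(obj))
    return [(role, on, on != obj)
            for u, role, on in grants
            if u == user and on in chain]


def visible_vms(user, grants=GRANTS):
    """VMs are the leaves: objects that contain nothing else."""
    leaves = set(PARENT) - set(PARENT.values())
    return sorted(vm for vm in leaves if effective_grants(user, vm, grants))


if __name__ == "__main__":
    for user in ("jeff_test", "alice", "bob"):
        for vm in visible_vms(user):
            for role, on, inherited in effective_grants(user, vm):
                source = f"inherited from {on}" if inherited else "granted directly"
                print(f"{user}: {vm} via {role} ({source})")
```

In this model, a VM's own permission list can look clean while a grant higher up the chain still applies, which is why the check walks every ancestor rather than only the VM.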