Thanks, that clarifies quite a bit. The permissions are being applied to
"System" for the regular UserRole, but I don't see where to define what
objects the roles are assigned to.
On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo(a)redhat.com> wrote:
Hi Jeff
Roles determine two things:
1. What the user can see
2. What the user can do
It is important to know who the user is, what the role is (UserRole? as
you also mentioned SuperUser?) and on what object(s) the role was
granted.
Assuming it is UserRole, on a specific user, then:
If on a VM, then the user can see/operate on this VM.
If on a Cluster, then the user can see/operate on all the VMs in this
cluster.
If on a DC, then the user can see/operate on all the VMs in clusters that
are part of this DC.
If on System, then the user can see/operate on all the VMs in the system.
So the hierarchy is System-->DC-->Cluster-->VM.
I hope this clarifies your question.
Regards,
Oved
----- Original Message -----
> From: "Jeff Clay" <jeffclay(a)gmail.com>
> To: users(a)ovirt.org
> Sent: Monday, May 5, 2014 10:31:53 PM
> Subject: [ovirt-users] user portal permissions
>
> For some reason, when logged in as a user with a modified copy role of
> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
> In permission) the user can see all of the VMs and has the ability to open
> a console, start, shutdown or suspend any of the VMs. I have verified that
> all of the VMs only show the SuperUser role in their permissions. I went
> through all of the roles and verified that the user is only a member of the
> Copy_of_UserRole. The only thing I can think of is that the user is
> inheriting permissions from something, but I can't find what it is or where.
> Any suggestions?
>
> Thanks.
>
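
The inheritance described in the thread (System-->DC-->Cluster-->VM), as an added example that is not part of the original messages and does not call the oVirt API: a small Python model that walks from a VM up to System and reports which grant reaches it. The object names, users and grant list are constructed; only the role names come from the thread.

```python
# Simplified model of the System --> DC --> Cluster --> VM hierarchy.
# Object names, users and grants below are constructed sample data.

# child -> parent; "System" is the root and has no parent.
PARENT = {
    "DC1": "System",
    "Cluster1": "DC1",
    "Cluster2": "DC1",
    "vm-web": "Cluster1",
    "vm-db": "Cluster2",
}

# (user, role, object the role was granted on)
GRANTS = [
    ("admin", "SuperUser", "vm-web"),
    ("admin", "SuperUser", "vm-db"),
    ("portal-user", "Copy_of_UserRole", "System"),
    ("alice", "UserRole", "Cluster1"),
]


def ancestry(obj):
    """Return obj followed by each ancestor up to System."""
    chain = [obj]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain


def direct_grants(obj):
    """Grants made directly on obj, ignoring anything inherited."""
    return [(u, r) for u, r, o in GRANTS if o == obj]


def effective_grants(user, obj):
    """Every grant that reaches obj for user, nearest level first."""
    return [(r, level) for level in ancestry(obj)
            for u, r, o in GRANTS if u == user and o == level]


def visible_vms(user):
    """VMs the user reaches through a direct or inherited grant."""
    vms = [o for o in PARENT if o.startswith("vm-")]
    return sorted(v for v in vms if effective_grants(user, v))


if __name__ == "__main__":
    print(direct_grants("vm-db"))                    # grants on the VM itself
    print(effective_grants("portal-user", "vm-db"))  # where access comes from
    print(visible_vms("alice"))
```

In this model the VM's direct grants list only SuperUser, while the effective lookup shows the copied role arriving from the System level, which is the situation the original question describes.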