On Wed, Dec 14, 2016 at 9:54 AM, Michal Skrivanek < michal.skrivanek@redhat.com> wrote:
On 9 Dec 2016, at 16:53, Bill Bill <jax2568@outlook.com> wrote:
Hello,
There seems to be an issue with assigning permissions. When creating a user, if the user has “create” functionality for a VM, they can also delete the VM even if “delete” is not checked. Is this by design or perhaps something that was overlooked? Essentially, I want a user that can add/modify but not delete.
it is probably a bug. worth filing a bug (ovirt-engine, virt)
It's not a bug. This is by design. When user has 'create_vm' permission and he is using UserPortal or filtered REST API, then he will get UserVmManager permission on newly created VM and with this permission you can delete that VM, but not any other vm, only the one you've created.
there’s likely no easy workaround…you can try to create your own role with only the create permission, but…unlikely
Thanks, michal
_______________________________________________ Users mailing list Users@ovirt.org http://lists.phx.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.phx.ovirt.org/mailman/listinfo/users