On Wed, Dec 14, 2016 at 9:54 AM, Michal Skrivanek <michal.skrivanek@redhat.com> wrote:

On 9 Dec 2016, at 16:53, Bill Bill <jax2568@outlook.com> wrote:

Hello,

There seems to be an issue with assigning permissions. When creating a user, if the user has “create” functionality for a VM, they can also delete the VM even if “delete” is not checked. Is this by design or perhaps something that was overlooked? Essentially, I want a user that can add/modify but not delete.

it is probably a bug. worth filing a bug (ovirt-engine, virt)

It's not a bug. This is by design. When user has 'create_vm' permission and he is using
UserPortal or filtered REST API, then he will get UserVmManager permission on newly created VM

and with this permission you can delete that VM, but not any other vm, only the one you've created.

there’s likely no easy workaround…you can try to create your own role with only the create permission, but…unlikely

Thanks,
michal

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users

_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users