Thank you for your help! This worked flawlessly and helped me understand the engine database a little more! On 12/04/2018 12:00 PM, Staniforth, Paul wrote:
Get the id for the everyone group https://engine.example.com/ovirt-engine/api/groups?search=everyone
Get the id for the UserRole https://engine.example.com/ovirt-engine/api/roles
connect to the engine database
e.g.
psql -h localhost -U engine -d engine
select * from permissions where ad_element_id='groupid';
note the id of the permission, probably the last one but you can check by the role_id then delete the permission.
delete from permissions where id='noted before';
you should make a backup of your system before you do this.
Regards,
Paul S.
------------------------------------------------------------------------ *From:* Staniforth, Paul *Sent:* 04 December 2018 17:23 *To:* Jacob Green *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.
Yes, that's not good you need to remove the UserRole system permission but they fixed it so you can't.
https://bugzilla.redhat.com/show_bug.cgi?id=1366205
I think there maybe a bug that allows you to add system permissions to the everyone group in 4.2, you're only supposed to be able to change the permissions with a dbscript.
I'll look up my notes on how to remove the permission from the DB.
Regards,
Paul S.
------------------------------------------------------------------------ *From:* Jacob Green <jgreen@aasteel.com> *Sent:* 04 December 2018 16:59 *To:* Staniforth, Paul *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome.
If the picture does not come through. The following are the permisstions
Group > Everyone
Everyone > Role - UserRole,UserProfileEditor Object : (System)
On 12/04/2018 10:20 AM, Staniforth, Paul wrote:
What are the permissions for the group everyone, in particular the system permission should be just UserProfileEditor.
Regards, Paul S. ________________________________________ From: Jacob Green<jgreen@aasteel.com> Sent: 04 December 2018 15:20 To: users Subject: [ovirt-users] The built in group Everyone is troublesome.
So all my VMs are inheriting system permissions from group everyone and giving all my users access to all my VMs, in ovirt 4.2. Is there a best practices guide or any recommendation on how to clear this up? Clicking remove on everyone does not work because Ovirt won't allow me to remove a built in account.
Thank you
-- Jacob Green
Systems Admin
American Alloy Steel
713-300-5690 _______________________________________________ Users mailing list --users@ovirt.org To unsubscribe send an email tousers-leave@ovirt.org Privacy Statement:https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5MW7PLHH5YGBV... To view the terms under which this email is distributed, please go to:- http://leedsbeckett.ac.uk/disclaimer/email/
-- Jacob Green
Systems Admin
American Alloy Steel
713-300-5690 To view the terms under which this email is distributed, please go to:- http://leedsbeckett.ac.uk/disclaimer/email/
-- Jacob Green Systems Admin American Alloy Steel 713-300-5690