[ovirt-users] Re: The built in group Everyone is troublesome.

Get the id for the everyone group https://engine.example.com/ovirt-engine/api/groups?search=everyone Get the id for the UserRole https://engine.example.com/ovirt-engine/api/roles connect to the engine database e.g. psql -h localhost -U engine -d engine select * from permissions where ad_element_id='groupid'; note the id of the permission, probably the last one but you can check by the role_id then delete the permission. delete from permissions where id='noted before'; you should make a backup of your system before you do this. Regards, Paul S. ------------------------------------------------------------------------ *From:* Staniforth, Paul *Sent:* 04 December 2018 17:23 *To:* Jacob Green *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome. Yes, that's not good you need to remove the UserRole system permission but they fixed it so you can't. https://bugzilla.redhat.com/show_bug.cgi?id=1366205 I think there maybe a bug that allows you to add system permissions to the everyone group in 4.2, you're only supposed to be able to change the permissions with a dbscript. I'll look up my notes on how to remove the permission from the DB. Regards, Paul S. ------------------------------------------------------------------------ *From:* Jacob Green <jgreen(a)aasteel.com&gt; *Sent:* 04 December 2018 16:59 *To:* Staniforth, Paul *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome. If the picture does not come through. The following are the permisstions Group > Everyone Everyone > Role - UserRole,UserProfileEditor Object : (System) On 12/04/2018 10:20 AM, Staniforth, Paul wrote: > What are the permissions for the group everyone, in particular the system permission should be just UserProfileEditor. > > Regards, > Paul S. > ________________________________________ > From: Jacob Green&lt;jgreen(a)aasteel.com&gt; > Sent: 04 December 2018 15:20 > To: users > Subject: [ovirt-users] The built in group Everyone is troublesome. > > So all my VMs are inheriting system permissions from group > everyone and giving all my users access to all my VMs, in ovirt 4.2. Is > there a best practices guide or any recommendation on how to clear this > up? Clicking remove on everyone does not work because Ovirt won't allow > me to remove a built in account. > > > Thank you > > -- > Jacob Green > > Systems Admin > > American Alloy Steel > > 713-300-5690 > _______________________________________________ > Users mailing list --users(a)ovirt.org > To unsubscribe send an email tousers-leave(a)ovirt.org > Privacy Statement:https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ > List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/A5... > To view the terms under which this email is distributed, please go to:- > http://leedsbeckett.ac.uk/disclaimer/email/ -- Jacob Green Systems Admin American Alloy Steel 713-300-5690 To view the terms under which this email is distributed, please go to:- http://leedsbeckett.ac.uk/disclaimer/email/