Re: [ovirt-users] User with SuperAdmin Role has not MANIPULATE_STORAGE_DOMAIN

From: "Kevin COUSIN" <kevin(a)famillecousin.fr&gt; To: "Maor Lipchuk" <mlipchuk(a)redhat.com&gt; Cc: "users" <users(a)ovirt.org&gt;, "Oved Ourfali" <oourfali(a)redhat.com&gt; Sent: Tuesday, January 12, 2016 5:06:22 PM Subject: Re: [ovirt-users] User with SuperAdmin Role has not MANIPULATE_STORAGE_DOMAIN I set SuperAdmin Role on a group. It dosen't work with StorageAdmin role. I can't add set roles with my directory account, I need to use admin@internal account.

From the attached print screens it looks like the DC you have permissions on are infra and local.

------------------------ COUSIN Kevin ----- Mail original ----- > De: "Maor Lipchuk" <mlipchuk(a)redhat.com&gt; > À: "Kevin C" <kevin(a)famillecousin.fr&gt; > Cc: "users" <users(a)ovirt.org&gt;, "Oved Ourfali" <oourfali(a)redhat.com&gt; > Envoyé: Mardi 12 Janvier 2016 13:57:16 > Objet: Re: [ovirt-users] User with SuperAdmin Role has not > MANIPULATE_STORAGE_DOMAIN > ----- Original Message ----- >> From: "Kevin C" <kevin(a)famillecousin.fr&gt; >> To: "Maor Lipchuk" <mlipchuk(a)redhat.com&gt; >> Cc: "users" <users(a)ovirt.org&gt;, "Oved Ourfali" <oourfali(a)redhat.com&gt; >> Sent: Monday, January 11, 2016 11:04:11 AM >> Subject: Re: [ovirt-users] User with SuperAdmin Role has not >> MANIPULATE_STORAGE_DOMAIN >> >> >> >> Le 09/01/2016 16:09, Maor Lipchuk a écrit : >> > Hi Kevin, >> > >> > Does it still reproduce after the permissions were set? >> > >> > Regards, >> > Maor >> > >> Hi Maor, >> >> Yes it does, I just try it with another Domain. >> >> Regards > > > Which role have you added to your user? Can u please try to edit the role > which > you have added to your user, does the role "Configure Storage Domain" is > marked > (See attached screenshot). > Can you please try to add to the user the role StorageAdmin (See second > attached > screenshot) > > Regards, > Maor > >> >> --- >> >> Kevin C >> >> >> > ----- Original Message ----- >> >> From: "Oved Ourfali" <oourfali(a)redhat.com&gt; >> >> To: "Kevin C" <kevin(a)famillecousin.fr&gt; >> >> Cc: "users" <users(a)ovirt.org&gt; >> >> Sent: Friday, January 8, 2016 1:20:53 PM >> >> Subject: Re: [ovirt-users] User with SuperAdmin Role has not >> >> MANIPULATE_STORAGE_DOMAIN >> >> >> >> >> >> >> >> CC-ing someone from the storage team to take a look. >> >> On Jan 7, 2016 6:43 PM, "Kevin C" < kevin(a)famillecousin.fr > wrote: >> >> >> >> >> >> >> >> Hi, >> >> >> >> I set it on "system" level, on right upper side. >> >> >> >> Regards, >> >> >> >> Le 07/01/2016 17:39, Oved Ourfali a écrit : >> >> >> >> >> >> >> >> >> >> Permissions in ovirt are composed of the role, user/group, and object. >> >> >> >> I guess you refer to the SuperUser role. Question is what object you've >> >> granted it on. >> >> >> >> In order to have a permission on "system" level, you gave to go to the >> >> configure dialog (see right upper side of your screen). >> >> >> >> Regards, >> >> Oved Ourfali >> >> Hi list, >> >> >> >> I set the SuperAdmin Role on a AD group. I use my account in this group >> >> to >> >> use oVirt. I try today to add an Export Domain but I failed with this >> >> error >> >> in log : >> >> >> >> 2016-01-07 16:46:28,883 INFO >> >> [org.ovirt.engine.core.bll.storage.AttachStorageDomainToPoolCommand] >> >> (default task-1) [68d5410a] No permission found for user >> >> '8ac67747-110c-4125-86f1-1f52ca0e7705' or one of the groups he is >> >> member >> >> of, >> >> when running action 'AttachStorageDomainToPool', Required permissions >> >> are: >> >> Action type: 'ADMIN' Action group: 'MANIPULATE_STORAGE_DOMAIN' Object >> >> type: >> >> 'Storage' Object ID: 'c7dee64d-a27e-446e-8656-cef2d8ea42a6'. >> >> >> >> >> >> Where can I set the good permission ? >> >> >> >> Thanks a lot >> >> --- >> >> Kevin C >> >> _______________________________________________ >> >> Users mailing list >> >> Users(a)ovirt.org >> >> http://lists.ovirt.org/mailman/listinfo/users >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> Users mailing list >> >> Users(a)ovirt.org >> >> http://lists.ovirt.org/mailman/listinfo/users >> >> >>