Hello, when using user roles (not admin ones) you have to use filter parameter. So you need to start the ovirt-shell similar to this: $ ovirt-shell --filter --username=... --url=... --ca-file=... On 11/09/2016 10:49 PM, Derek Atkins wrote:
Hi,
I created a user and a new user role, VmStarter, that has two permissions: System -> Configure System -> Login Permissions VM -> Basic Operations -> Run VM
I assigned this new user to this role at the data center.
If I login to the user portal with this user I get a screen with all my VMs, and if a VM is down I can click on the "run" button and it will start. If a machine is running I cannot click on the stop button (well, I can, but I get a permission denied error, which is expected). So it sounds like everything is working.
Now I want to use ovirt-shell to do the same thing. I can login just fine using this user's credentials, and I get connected. However when I execute the command to start a VM:
[oVirt shell (connected)]# action vm vm-0 start
I get this error:
==================================== ERROR ================================= status: 400 reason: Bad Request detail: query execution failed due to insufficient permissions. ============================================================================
This seems to imply I'm missing a permission. But I have no idea what permission I'm missing. I haven't found anything in the engine log that would help me.
Any ideas what's wrong and (more importantly) how to fix it?
Thanks,
-derek