On April 15, 2020 11:55:04 AM GMT+03:00, Michal Gutowski
<michal.gutowski(a)oracle.com> wrote:
Hi oVirt community,
I'm playing with a multitenant use-case in oVirt 3.4.6... My setup is
as follows:
- I have two working Data Centers (DC1 and DC2)
- I created two additional users DC1-admin and DC2-admin
- In DC1 permission settings I've added DC1-admin as a user with a
built-in DataCenterAdmin Role.
- In DC2 permission settings I've added DC2-admin as a user with a
built-in DataCenterAdmin Role.
Now in terms of permissions all is good: DC1-admin is not able to
modify anything in DC2 and DC2-admin is not able to modify anything in
DC1.
However, in both the Admin Portal and the VM Portal DC1-admin and
DC2-admin can still see all other datacenter resources.
My expectation was that if I log in to the Admin Portal as e.g.
DC2-admin I will only see DC2 datacenter in the GUI and nothing else.
Same with VM Portal. I played with different user settings but I
couldn't make it work...
I think the problem is that whatever user you create, it will always
belong to the built-in "everyone" group and inherit permission to see
everything in the portal.
Is it possible to achieve a scenario where e.g. DC2-admin will log in to
the Admin Portal and only see resources that belong to DC2 and nothing
else?
Thanks,
Michal

I haven't played a lot, but I think this behaviour is only possible in the VM portal.
Maybe someone else can correct me.
Best Regards,
Strahil Nikolov