Hi Jeff,
* I assume that we are talking about the User Portal,
not the web-admin (which the user cannot even log
into, according to the permissions that you specified).
* A permission is a triplet of role, user and object.
According to what you are saying, the user's permission is:
- role: Copy_of_UserRole [contains "Remote Log" only (???)]
- user: user
- object: ???
What is the object with which the user's permission
is associated? I suspect it is "System", which would
explain why the user sees all of the VMs in his
user-portal (permissions inheritance, as you suspected: all
VMs are "descendants" of "System", therefore permissions
on "System" are propagated to the VMs within the system).
* Are there any additional permissions for this user? A
screen-shot of the user's "Permissions" sub-tab in the
User's main tab in the web-admin would be helpful.
* Does the user belong to any group that has permissions
on the system? If so, this user could be inheriting these
permissions from that group.
* Are you sure that the "Copy_of_UserRole" role contains
only the "Remote Log" action? If not, that can explain
why the user is able to perform actions on the VMs other
than "Remote Log".
----
Thanks,
Einav
----- Original Message -----
From: "Jeff Clay" <jeffclay(a)gmail.com>
To: users(a)ovirt.org
Sent: Tuesday, May 6, 2014 4:32:28 PM
Subject: [ovirt-users] Users seeing all vm's
For some reason, when logged in as a user with a modified copy role of
UserRole (only has login permission and VM -> Basic Operations -> Remote Log
In permission) the user can see all of the VMs and has the ability to open
a console, start, shutdown or suspend any of the VMs. I have verified that
all of the VMs only show the SuperUser role in their permissions. I went
through all of the roles and verified that the user is only a member of the
Copy_of_UserRole. The only thing I can think of is that the user is
inheriting permissions from something, but I can't find what it is or
where. Any suggestions?
Thanks.
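The following is an added illustration, not part of the original thread and not oVirt's own code: a simplified model of the (role, user, object) triplet and the two inheritance paths raised in the reply (a grant on "System" reaching every descendant VM, and a grant reaching the user through a group). The object tree, the group name `staff` and the action names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed object tree (child -> parent); "System" is the root, as in the thread.
PARENT = {"System": None, "dc-1": "System", "vm-a": "dc-1", "vm-b": "dc-1"}
# Constructed role contents; the action names are labels chosen for this example.
ROLES = {
    "Copy_of_UserRole": {"login", "remote_log_in"},
    "UserRole": {"login", "remote_log_in", "run_vm", "shutdown_vm", "suspend_vm"},
    "SuperUser": {"*"},
}
GROUPS = {"staff": {"user"}}  # hypothetical group -> members

@dataclass(frozen=True)
class Permission:  # the (role, user-or-group, object) triplet
    role: str
    principal: str
    obj: str

def ancestors(obj):
    """Yield obj, then each parent up to the root."""
    while obj is not None:
        yield obj
        obj = PARENT[obj]

def explain(user, obj, perms):
    """List (permission, reason) for every grant that reaches `user` on `obj`."""
    principals = {user} | {g for g, members in GROUPS.items() if user in members}
    chain = list(ancestors(obj))
    found = []
    for p in perms:
        if p.principal in principals and p.obj in chain:
            reason = "direct" if p.obj == obj else f"inherited from {p.obj}"
            if p.principal != user:
                reason += f" via group {p.principal}"
            found.append((p, reason))
    return found

def effective_actions(user, obj, perms):
    """Union of the actions of every role that reaches `user` on `obj`."""
    return set().union(*(ROLES[p.role] for p, _ in explain(user, obj, perms)))

if __name__ == "__main__":
    perms = [Permission("SuperUser", "admin", "vm-a"),
             Permission("Copy_of_UserRole", "user", "System"),
             Permission("UserRole", "staff", "System")]
    for p, why in explain("user", "vm-a", perms):
        print(p.role, "->", why)
    print(sorted(effective_actions("user", "vm-a", perms)))
```

In this model the VM's own permission list shows only SuperUser, yet the user still reaches it: checking the object alone misses grants made higher in the tree or to a group.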