12:10 a.m.
Hi,
This is oVirt 3.6.3.4, and I have a user with the following permissions.
Role | Object | Inherited permission
UserTemplateBasedVm | Small (VM Template) | Everyone
UserTemplateBasedVm | Medium (VM Template) | Everyone
UserTemplateBasedVm | Large (VM Template) | Everyone
UserTemplateBasedVm | XLarge (VM Template) | Everyone
UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone
UserTemplateBasedVm | centos-7 (VM Template) | Everyone
CpuProfileOperator | Default (CpuProfile) | Everyone
VnicProfileUser | LAN1 (Vnic Profile) | Everyone
VnicProfileUser | LAN2 (Vnic Profile) | Everyone
UserRole | instance (VM Pool) |
UserRole | instance-6 (VM) |
This user can see the Extended tab when logged in to the User panel.
However AFAIK only PowerUserRole grants access to that tab. Which
permission(s) is allowing the user to see the tab?
Thanks
James
10:22 a.m.
As far as I remember you're right.
Are you sure these are the only permissions? Maybe something inherited from
a group?
I can check the code next week to make sure nothing has changed.
On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hurts(a)gmail.com>
wrote:
Hi,
This is oVirt 3.6.3.4, and I have a user with the following permissions.
Role | Object | Inherited permission
UserTemplateBasedVm | Small (VM Template) | Everyone
UserTemplateBasedVm | Medium (VM Template) | Everyone
UserTemplateBasedVm | Large (VM Template) | Everyone
UserTemplateBasedVm | XLarge (VM Template) | Everyone
UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone
UserTemplateBasedVm | centos-7 (VM Template) | Everyone
CpuProfileOperator | Default (CpuProfile) | Everyone
VnicProfileUser | LAN1 (Vnic Profile) | Everyone
VnicProfileUser | LAN2 (Vnic Profile) | Everyone
UserRole | instance (VM Pool) |
UserRole | instance-6 (VM) |
This user can see the Extended tab when logged in to the User panel.
However AFAIK only PowerUserRole grants access to that tab. Which
permission(s) is allowing the user to see the tab?
Thanks
James
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
11:11 a.m.
Sorry, there was an another one: UserProfileEditor on (System) which
someone mistakenly granted probably, but removing it makes no difference,
user still sees the Expanded tab. There are no groups in this system. In
short, these permissions are inherited from Everyone:
UserTemplateBasedVm
CpuProfileOperator
VnicProfileUser
And these are granted explicitly on objects:
UserRole (on a VM Pool)
UserRole (on a VM of the VM Pool)
2016-03-19 7:22 GMT+00:00 Oved Ourfali <oourfali(a)redhat.com>:
As far as I remember you're right.
Are you sure these are the only permissions? Maybe something inherited
from a group?
I can check the code next week to make sure nothing has changed.
On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hurts(a)gmail.com>
wrote:
> Hi,
>
> This is oVirt 3.6.3.4, and I have a user with the following permissions.
>
> Role | Object | Inherited permission
> UserTemplateBasedVm | Small (VM Template) | Everyone
> UserTemplateBasedVm | Medium (VM Template) | Everyone
> UserTemplateBasedVm | Large (VM Template) | Everyone
> UserTemplateBasedVm | XLarge (VM Template) | Everyone
> UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone
> UserTemplateBasedVm | centos-7 (VM Template) | Everyone
> CpuProfileOperator | Default (CpuProfile) | Everyone
> VnicProfileUser | LAN1 (Vnic Profile) | Everyone
> VnicProfileUser | LAN2 (Vnic Profile) | Everyone
> UserRole | instance (VM Pool) |
> UserRole | instance-6 (VM) |
>
> This user can see the Extended tab when logged in to the User panel.
> However AFAIK only PowerUserRole grants access to that tab. Which
> permission(s) is allowing the user to see the tab?
>
> Thanks
>
> James
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
12:57 p.m.
It's bug[1], should be fixed in 3.6.5.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1316849
On 03/19/2016 09:11 AM, James Michels wrote:
Sorry, there was an another one: UserProfileEditor on (System) which
someone mistakenly granted probably, but removing it makes no
difference, user still sees the Expanded tab. There are no groups in
this system. In short, these permissions are inherited from Everyone:
UserTemplateBasedVm
CpuProfileOperator
VnicProfileUser
And these are granted explicitly on objects:
UserRole (on a VM Pool)
UserRole (on a VM of the VM Pool)
2016-03-19 7:22 GMT+00:00 Oved Ourfali <oourfali(a)redhat.com
<mailto:oourfali@redhat.com>>:
As far as I remember you're right.
Are you sure these are the only permissions? Maybe something
inherited from a group?
I can check the code next week to make sure nothing has changed.
On Mar 18, 2016 23:10, "James Michels"
<karma.sometimes.hurts(a)gmail.com
<mailto:karma.sometimes.hurts@gmail.com>> wrote:
Hi,
This is oVirt 3.6.3.4, and I have a user with the following
permissions.
Role | Object | Inherited permission
UserTemplateBasedVm | Small (VM Template) | Everyone
UserTemplateBasedVm | Medium (VM Template) | Everyone
UserTemplateBasedVm | Large (VM Template) | Everyone
UserTemplateBasedVm | XLarge (VM Template) | Everyone
UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone
UserTemplateBasedVm | centos-7 (VM Template) | Everyone
CpuProfileOperator | Default (CpuProfile) | Everyone
VnicProfileUser | LAN1 (Vnic Profile) | Everyone
VnicProfileUser | LAN2 (Vnic Profile) | Everyone
UserRole | instance (VM Pool) |
UserRole | instance-6 (VM) |
This user can see the Extended tab when logged in to the User
panel. However AFAIK only PowerUserRole grants access to that
tab. Which permission(s) is allowing the user to see the tab?
Thanks
James
_______________________________________________
Users mailing list
Users(a)ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
3170
days inactive
3171
days old
3 comments
3 participants
participants (3)
-
James Michels -
Ondra Machacek -
Oved Ourfali