User with extended tab in User Panel?
Hi, This is oVirt 3.6.3.4, and I have a user with the following permissions. Role | Object | Inherited permission UserTemplateBasedVm | Small (VM Template) | Everyone UserTemplateBasedVm | Medium (VM Template) | Everyone UserTemplateBasedVm | Large (VM Template) | Everyone UserTemplateBasedVm | XLarge (VM Template) | Everyone UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone UserTemplateBasedVm | centos-7 (VM Template) | Everyone CpuProfileOperator | Default (CpuProfile) | Everyone VnicProfileUser | LAN1 (Vnic Profile) | Everyone VnicProfileUser | LAN2 (Vnic Profile) | Everyone UserRole | instance (VM Pool) | UserRole | instance-6 (VM) | This user can see the Extended tab when logged in to the User panel. However AFAIK only PowerUserRole grants access to that tab. Which permission(s) is allowing the user to see the tab? Thanks James
As far as I remember you're right. Are you sure these are the only permissions? Maybe something inherited from a group? I can check the code next week to make sure nothing has changed. On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hurts@gmail.com> wrote:
Hi,
This is oVirt 3.6.3.4, and I have a user with the following permissions.
Role | Object | Inherited permission UserTemplateBasedVm | Small (VM Template) | Everyone UserTemplateBasedVm | Medium (VM Template) | Everyone UserTemplateBasedVm | Large (VM Template) | Everyone UserTemplateBasedVm | XLarge (VM Template) | Everyone UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone UserTemplateBasedVm | centos-7 (VM Template) | Everyone CpuProfileOperator | Default (CpuProfile) | Everyone VnicProfileUser | LAN1 (Vnic Profile) | Everyone VnicProfileUser | LAN2 (Vnic Profile) | Everyone UserRole | instance (VM Pool) | UserRole | instance-6 (VM) |
This user can see the Extended tab when logged in to the User panel. However AFAIK only PowerUserRole grants access to that tab. Which permission(s) is allowing the user to see the tab?
Thanks
James
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Sorry, there was an another one: UserProfileEditor on (System) which someone mistakenly granted probably, but removing it makes no difference, user still sees the Expanded tab. There are no groups in this system. In short, these permissions are inherited from Everyone: UserTemplateBasedVm CpuProfileOperator VnicProfileUser And these are granted explicitly on objects: UserRole (on a VM Pool) UserRole (on a VM of the VM Pool) 2016-03-19 7:22 GMT+00:00 Oved Ourfali <oourfali@redhat.com>:
As far as I remember you're right. Are you sure these are the only permissions? Maybe something inherited from a group? I can check the code next week to make sure nothing has changed. On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hurts@gmail.com> wrote:
Hi,
This is oVirt 3.6.3.4, and I have a user with the following permissions.
Role | Object | Inherited permission UserTemplateBasedVm | Small (VM Template) | Everyone UserTemplateBasedVm | Medium (VM Template) | Everyone UserTemplateBasedVm | Large (VM Template) | Everyone UserTemplateBasedVm | XLarge (VM Template) | Everyone UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone UserTemplateBasedVm | centos-7 (VM Template) | Everyone CpuProfileOperator | Default (CpuProfile) | Everyone VnicProfileUser | LAN1 (Vnic Profile) | Everyone VnicProfileUser | LAN2 (Vnic Profile) | Everyone UserRole | instance (VM Pool) | UserRole | instance-6 (VM) |
This user can see the Extended tab when logged in to the User panel. However AFAIK only PowerUserRole grants access to that tab. Which permission(s) is allowing the user to see the tab?
Thanks
James
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
It's bug[1], should be fixed in 3.6.5. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1316849 On 03/19/2016 09:11 AM, James Michels wrote:
Sorry, there was an another one: UserProfileEditor on (System) which someone mistakenly granted probably, but removing it makes no difference, user still sees the Expanded tab. There are no groups in this system. In short, these permissions are inherited from Everyone:
UserTemplateBasedVm CpuProfileOperator VnicProfileUser
And these are granted explicitly on objects:
UserRole (on a VM Pool) UserRole (on a VM of the VM Pool)
2016-03-19 7:22 GMT+00:00 Oved Ourfali <oourfali@redhat.com <mailto:oourfali@redhat.com>>:
As far as I remember you're right. Are you sure these are the only permissions? Maybe something inherited from a group? I can check the code next week to make sure nothing has changed.
On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hurts@gmail.com <mailto:karma.sometimes.hurts@gmail.com>> wrote:
Hi,
This is oVirt 3.6.3.4, and I have a user with the following permissions.
Role | Object | Inherited permission UserTemplateBasedVm | Small (VM Template) | Everyone UserTemplateBasedVm | Medium (VM Template) | Everyone UserTemplateBasedVm | Large (VM Template) | Everyone UserTemplateBasedVm | XLarge (VM Template) | Everyone UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone UserTemplateBasedVm | centos-7 (VM Template) | Everyone CpuProfileOperator | Default (CpuProfile) | Everyone VnicProfileUser | LAN1 (Vnic Profile) | Everyone VnicProfileUser | LAN2 (Vnic Profile) | Everyone UserRole | instance (VM Pool) | UserRole | instance-6 (VM) |
This user can see the Extended tab when logged in to the User panel. However AFAIK only PowerUserRole grants access to that tab. Which permission(s) is allowing the user to see the tab?
Thanks
James
_______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
James Michels -
Ondra Machacek -
Oved Ourfali