Re: [ovirt-users] oVirt 3.5.1 user permissions

29 Jan 2015

      Setting that login permission at the system level is why they can see everything even if they can't control it. Copy the user permission role and remove all the permissions except login to system (the last box under login) create instance, and attach to storage domains. 

Then add it to the datacenter permission set 

On Jan 29, 2015 2:02 AM, Ondra Machacek <omachace@redhat.com> wrote:
...
If you add for example 'UserRole' on VM, then your user should login to 
UserPortal without any problem and see his VM.
On 01/29/2015 09:58 AM, Nikolai Bochev wrote:
...
Ok, but if i don't add "System" permissions to a user with "UserRole"
they cannot login at all ?
On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek <omachace@redhat.com
<mailto:omachace@redhat.com>> wrote:
     On 01/29/2015 09:35 AM, Nikolai Bochev wrote:
         Hello,
         I've been running ovirt hosted engine for around a month already
         without
         any major interruptions. Last week i tied it to freeipa, to be
         able to
         give permissions to other people, but so far no success because
         of the
         following problem :
         All users can see all VM's. I tried clearing all permission
         entries (
         leaving the admin only ) and the re-adding and it didn't help at
         all.
         I am attaching a few screenshots to better describe :
     The problem is that you are assigning system permissions.
     If you assign system permissions you have permission to whole system.
     If you want to assign a permission to user on a specific vm(or object),
     you have to select the object, then click 'permissions' subtab, then
     click 'add', then find your user and choose the role for him.

         Most of the vm's have no permissions attached to them, but they are
         still visible to everyone that logs from the userpanel
         What am i doing wrong ?
         Regards,
         _________________________________________________
         Users mailing list
         Users@ovirt.org <mailto:Users@ovirt.org>
         http://lists.ovirt.org/__mailman/listinfo/users
         <http://lists.ovirt.org/mailman/listinfo/users>
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Donny Davis

tags

participants (1)