user permission for add storage domain
</o:p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US">User can provide super-user ope= rations, but he can’t add storage domain.<o:p></o:p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US">I also grant to user storage-ad= min rights, but problem persist anyway.<o:p></o:p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US">In web I see:<o:p></o:p></span>= </p> <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-family:"Aria= l Unicode MS",sans-serif;color:black;background:white">Error while exe= cuting action: User is not authorized to perform this action.<o:p></o:p></s=
--_004_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_ Content-Type: multipart/alternative; boundary="_000_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_" --_000_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_ Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable I create user in internal domain by ovirt-aaa-jdbc-tool, next, I grant him = super-user role on cluster. User can provide super-user operations, but he can't add storage domain. I also grant to user storage-admin rights, but problem persist anyway. In web I see: Error while executing action: User is not authorized to perform this action= . In ovirt-engine/engine.log I see: WARN [org.ovirt.engine.core.bll.storage.connection.AddStorageServerConnect= ionCommand] (default task-79) [50876bd2] Validation of action 'AddStorageSe= rverConnection' failed for user test-user@internal-authz. Reasons: VAR__ACT= ION__ADD,VAR__TYPE__STORAGE__CONNECTION,USER_NOT_AUTHORIZED_TO_PERFORM_ACTI= ON =EC=C1=CD=D9=CB=C9=CE =F7=C1=D3=C9=CC=C9=CA =F3=D4=C1=D2=DB=C9=CA =C9=CE=D6=C5=CE=C5=D2 =D0=CF =DC=CB=D3=D0=CC=D5=C1=D4= =C1=C3=C9=C9 =D3=C5=D2=D7=C9=D3=CE=D9=C8 =D0=CC=C1=D4=C6=CF=D2=CD =F3=D4=CF=CC=C9=DE=CE=D9=CA =C6-=C1=CC =F0=E1=EF "=ED=C5=C7=C1=E6=CF=CE +7 (926) 500-3308 [=ED=C5=C7=C1=E6=CF=CE =CC=CF=C7=CF+=DA=CE=C1=CB =F2=F5=F3 B2C] ________________________________ =E9=CE=C6=CF=D2=CD=C1=C3=C9=D1 =D7 =DC=D4=CF=CD =D3=CF=CF=C2=DD=C5=CE=C9=C9= =D0=D2=C5=C4=CE=C1=DA=CE=C1=DE=C5=CE=C1 =C9=D3=CB=CC=C0=DE=C9=D4=C5=CC=D8= =CE=CF =C4=CC=D1 =CB=CF=CE=CB=D2=C5=D4=CE=D9=C8 =CC=C9=C3, =CB=CF=D4=CF=D2= =D9=CD =CF=CE=C1 =C1=C4=D2=C5=D3=CF=D7=C1=CE=C1. =F7 =D3=CF=CF=C2=DD=C5=CE= =C9=C9 =CD=CF=D6=C5=D4 =D3=CF=C4=C5=D2=D6=C1=D4=D8=D3=D1 =CB=CF=CE=C6=C9=C4= =C5=CE=C3=C9=C1=CC=D8=CE=C1=D1 =C9=CE=C6=CF=D2=CD=C1=C3=C9=D1, =CB=CF=D4=CF= =D2=C1=D1 =CE=C5 =CD=CF=D6=C5=D4 =C2=D9=D4=D8 =D2=C1=D3=CB=D2=D9=D4=C1 =C9= =CC=C9 =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C1 =CB=C5=CD-=CC=C9=C2=CF, =CB=D2= =CF=CD=C5 =C1=C4=D2=C5=D3=C1=D4=CF=D7. =E5=D3=CC=C9 =D7=D9 =CE=C5 =C1=C4=D2= =C5=D3=C1=D4 =DC=D4=CF=C7=CF =D3=CF=CF=C2=DD=C5=CE=C9=D1, =D4=CF =C9=D3=D0= =CF=CC=D8=DA=CF=D7=C1=CE=C9=C5, =D0=C5=D2=C5=C1=C4=D2=C5=D3=C1=C3=C9=D1, = =CB=CF=D0=C9=D2=CF=D7=C1=CE=C9=C5 =C9=CC=C9 =D2=C1=D3=D0=D2=CF=D3=D4=D2=C1= =CE=C5=CE=C9=C5 =D3=CF=C4=C5=D2=D6=C1=CE=C9=D1 =D3=CF=CF=C2=DD=C5=CE=C9=D1 = =C9=CC=C9 =C5=C7=CF =DE=C1=D3=D4=C9 =CE=C5=DA=C1=CB=CF=CE=CE=CF =C9 =DA=C1= =D0=D2=C5=DD=C5=CE=CF. =E5=D3=CC=C9 =F7=D9 =D0=CF=CC=D5=DE=C9=CC=C9 =DC=D4= =CF =D3=CF=CF=C2=DD=C5=CE=C9=C5 =CF=DB=C9=C2=CF=DE=CE=CF, =D0=CF=D6=C1=CC= =D5=CA=D3=D4=C1, =CE=C5=DA=C1=CD=C5=C4=CC=C9=D4=C5=CC=D8=CE=CF =D3=CF=CF=C2= =DD=C9=D4=C5 =CF=D4=D0=D2=C1=D7=C9=D4=C5=CC=C0 =CF=C2 =DC=D4=CF=CD =C9 =D5= =C4=C1=CC=C9=D4=C5 =D3=CF =D7=D3=C5=CD =D3=CF=C4=C5=D2=D6=C9=CD=D9=CD =D3= =C1=CD=CF =D3=CF=CF=C2=DD=C5=CE=C9=C5 =C9 =CC=C0=C2=D9=C5 =D7=CF=DA=CD=CF= =D6=CE=D9=C5 =C5=C7=CF =CB=CF=D0=C9=C9 =C9 =D0=D2=C9=CC=CF=D6=C5=CE=C9=D1. The information contained in this communication is intended solely for the = use of the individual or entity to whom it is addressed and others authoriz= ed to receive it. It may contain confidential or legally privileged informa= tion. The contents may not be disclosed or used by anyone other than the ad= dressee. If you are not the intended recipient(s), any use, disclosure, cop= ying, distribution or any action taken or omitted to be taken in reliance o= n it is prohibited and may be unlawful. If you have received this communica= tion in error please notify us immediately by responding to this email and = then delete the e-mail and all attachments and any copies thereof. (c)20mf50 --_000_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_ Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dkoi8-r"> <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"> <!--[if !mso]><style>v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </style><![endif]--><style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:"Arial Unicode MS"; panose-1:2 11 6 4 2 2 2 2 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face {font-family:"\@Arial Unicode MS"; panose-1:2 11 6 4 2 2 2 2 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri",sans-serif; mso-fareast-language:EN-US;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#0563C1; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#954F72; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri",sans-serif; mso-fareast-language:EN-US;} @page WordSection1 {size:612.0pt 792.0pt; margin:2.0cm 42.5pt 2.0cm 3.0cm;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"RU" link=3D"#0563C1" vlink=3D"#954F72"> <div class=3D"WordSection1"> <p class=3D"MsoNormal"><span lang=3D"EN-US">I create user in internal domai= n by ovirt-aaa-jdbc-tool, next, I grant him super-user role on cluster.<o:p= pan></p> <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-family:"Aria= l Unicode MS",sans-serif;color:black;background:white"><o:p> </o:= p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-family:"Aria= l Unicode MS",sans-serif;color:black;background:white">In ovirt-engine= /engine.log I see:<o:p></o:p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US">WARN [org.ovirt.engine.co= re.bll.storage.connection.AddStorageServerConnectionCommand] (default task-= 79) [50876bd2] Validation of action 'AddStorageServerConnection' failed for= user test-user@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__STORAGE__CONNECTION,USER_NOT_AUTHORIZED_TO_PER= FORM_ACTION<o:p></o:p></span></p> <p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p> </o:p></span></p> <p class=3D"MsoNormal"><b><span style=3D"color:#1F497D;mso-fareast-language= :RU">=EC=C1=CD=D9=CB=C9=CE =F7=C1=D3=C9=CC=C9=CA<o:p></o:p></span></b></p> <p class=3D"MsoNormal"><span style=3D"color:#1F4E79;background:white;mso-fa= reast-language:RU">=F3=D4=C1=D2=DB=C9=CA =C9=CE=D6=C5=CE=C5=D2 =D0=CF =DC= =CB=D3=D0=CC=D5=C1=D4=C1=C3=C9=C9 =D3=C5=D2=D7=C9=D3=CE=D9=C8 =D0=CC=C1=D4= =C6=CF=D2=CD</span><span style=3D"color:#1F4E79;mso-fareast-language:RU"><o= :p></o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:#1F4E79;background:white;mso-fa= reast-language:RU">=F3=D4=CF=CC=C9=DE=CE=D9=CA =C6-=C1=CC =F0=E1=EF "= =ED=C5=C7=C1=E6=CF=CE</span><span style=3D"mso-fareast-language:RU"><o:p></= o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:#1F4E79;background:white;mso-fa= reast-language:RU"><o:p> </o:p></span></p> <p class=3D"MsoNormal"><span style=3D"color:#1F497D;mso-fareast-language:RU= ">+7 (926) 500-3308</span><span style=3D"color:#1F497D"><o:p></o:p></sp= an></p> <p class=3D"MsoNormal"><span style=3D"mso-fareast-language:RU"><img width= =3D"285" height=3D"54" id=3D"=F2=C9=D3=D5=CE=CF=CB_x0020_1" src=3D"cid:imag= e001.png@01D240CF.0DD07960" alt=3D"=ED=C5=C7=C1=E6=CF=CE =CC=CF=C7=CF+= =DA=CE=C1=CB =F2=F5=F3 B2C"><o:p></o:p></span></p> <p class=3D"MsoNormal"><o:p> </o:p></p> </div> <br> <hr> <font face=3D"Arial" color=3D"Gray" size=3D"1"><br> =E9=CE=C6=CF=D2=CD=C1=C3=C9=D1 =D7 =DC=D4=CF=CD =D3=CF=CF=C2=DD=C5=CE=C9=C9= =D0=D2=C5=C4=CE=C1=DA=CE=C1=DE=C5=CE=C1 =C9=D3=CB=CC=C0=DE=C9=D4=C5=CC=D8= =CE=CF =C4=CC=D1 =CB=CF=CE=CB=D2=C5=D4=CE=D9=C8 =CC=C9=C3, =CB=CF=D4=CF=D2= =D9=CD =CF=CE=C1 =C1=C4=D2=C5=D3=CF=D7=C1=CE=C1. =F7 =D3=CF=CF=C2=DD=C5=CE= =C9=C9 =CD=CF=D6=C5=D4 =D3=CF=C4=C5=D2=D6=C1=D4=D8=D3=D1 =CB=CF=CE=C6=C9=C4= =C5=CE=C3=C9=C1=CC=D8=CE=C1=D1 =C9=CE=C6=CF=D2=CD=C1=C3=C9=D1, =CB=CF=D4=CF= =D2=C1=D1 =CE=C5 =CD=CF=D6=C5=D4 =C2=D9=D4=D8 =D2=C1=D3=CB=D2=D9=D4=C1 =C9= =CC=C9 =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C1 =CB=C5=CD-=CC=C9=C2=CF, =CB=D2= =CF=CD=C5 =C1=C4=D2=C5=D3=C1=D4=CF=D7. =E5=D3=CC=C9 =D7=D9 =CE=C5 =C1=C4=D2= =C5=D3=C1=D4 =DC=D4=CF=C7=CF =D3=CF=CF=C2=DD=C5=CE=C9=D1, =D4=CF =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=CE=C9= =C5, =D0=C5=D2=C5=C1=C4=D2=C5=D3=C1=C3=C9=D1, =CB=CF=D0=C9=D2=CF=D7=C1=CE= =C9=C5 =C9=CC=C9 =D2=C1=D3=D0=D2=CF=D3=D4=D2=C1=CE=C5=CE=C9=C5 =D3=CF=C4=C5= =D2=D6=C1=CE=C9=D1 =D3=CF=CF=C2=DD=C5=CE=C9=D1 =C9=CC=C9 =C5=C7=CF =DE=C1= =D3=D4=C9 =CE=C5=DA=C1=CB=CF=CE=CE=CF =C9 =DA=C1=D0=D2=C5=DD=C5=CE=CF. =E5= =D3=CC=C9 =F7=D9 =D0=CF=CC=D5=DE=C9=CC=C9 =DC=D4=CF =D3=CF=CF=C2=DD=C5=CE= =C9=C5 =CF=DB=C9=C2=CF=DE=CE=CF, =D0=CF=D6=C1=CC=D5=CA=D3=D4=C1, =CE=C5=DA= =C1=CD=C5=C4=CC=C9=D4=C5=CC=D8=CE=CF =D3=CF=CF=C2=DD=C9=D4=C5 =CF=D4=D0=D2= =C1=D7=C9=D4=C5=CC=C0 =CF=C2 =DC=D4=CF=CD =C9 =D5=C4=C1=CC=C9=D4=C5 =D3=CF = =D7=D3=C5=CD =D3=CF=C4=C5=D2=D6=C9=CD=D9=CD =D3=C1=CD=CF =D3=CF=CF=C2=DD=C5=CE=C9=C5 =C9 =CC=C0=C2=D9=C5 =D7=CF=DA=CD= =CF=D6=CE=D9=C5 =C5=C7=CF =CB=CF=D0=C9=C9 =C9 =D0=D2=C9=CC=CF=D6=C5=CE=C9= =D1.<br> <br> The information contained in this communication is intended solely for the = use of the individual or entity to whom it is addressed and others authoriz= ed to receive it. It may contain confidential or legally privileged informa= tion. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended re= cipient(s), any use, disclosure, copying, distribution or any action taken = or omitted to be taken in reliance on it is prohibited and may be unlawful.= If you have received this communication in error please notify us immediately by responding to this email and then= delete the e-mail and all attachments and any copies thereof.<br> <br> (c)20mf50<br> </font> </body> </html> --_000_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_-- --_004_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=2130; creation-date="Thu, 17 Nov 2016 09:44:25 GMT"; modification-date="Thu, 17 Nov 2016 09:44:25 GMT" Content-ID: <image001.png@01D240CF.0DD07960> Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAASkAAAA4CAYAAAChZA4IAAAACXBIWXMAAA9hAAAPYQGoP6dpAAAA GXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAB99JREFUeNrsnd114joUhZUs3q87 GE8FcSoIVDCkAsjbvJlUAKmA8Ja3QAVhKsCpYJgKxrcD3wq4liUTIx/LkiwyMOxvLc0k/PhX2trn SFbYTtBnAABwQnBd4uJU/hDgkgAATkykAhgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM1c 4RIAAEheRsP837u8RLLwx+cS9n01yN+byffSvLznZZ2/nh3jMHq4EwCAijBxIZrkZZSXsOXTffn/ OC/z/Lvr/P+nXKxSn4d0jbsCAJACxcXpd16mBgKlEkix+p1vZy7FDiIFAPDknl5Gb4UbEmLTFS52 m3ybEUQKAOAjvNvkZeh5y5EvoYJIAQCBio60h8CHUPWIgxYb/L5KPFwAP9sCAByDtyMKlCpUX11H /3oVUZnLWLL8nW/wMd/w0kGgqG095NtaX0DvVB22tSVlRx7OBUDWU94++5+0Ny5Ur3m5d/nylTzg sdwIxb2VuKgCdchX38OTJyZO/NxDD1vjAsWHcp/RmsAR6iqvoz+ZW5K8Ok9qavndgUtUVTqpWPOZ edGzm5/8RPOJuHBnh99xUfPtgdOohpY2UBdMCPad/O3dyEnqRd615+HDuDf5/h8Mr3ukuQZJ7ZrV t9GvuTpdh0Jdc4T158LUUqAST67rtTAqjiKla+Bh0QjNwr42ZY2UhrVxdB4DeeG6CsSV0vA2ys0Y 56/FsgfINAIxP1Jl4vtfNTZ+ce6xgUBP5efLyXZb4jMb5fenvMxa7uVGez3BKbooLk6mI3m8zt8W nZVIfm867j0sOkPLzsx0dG/k+eTLhuMjNJp7unmzht4ianGHVK+UyND2al9Eo1dtc/V93sMsjc/v ZfQqxdnGQQ4Lmy/EDVwmQwsXtdi7adGx+XDKI9svNImUavP7BmHZhDj5VKuq/kIjH8Ta95pn0FJh 0sA698Y/L0K7dU0khVtTBbWL0Lw6htng/Lmz+OzNEdqsdb1renZvLRtBoChgYqGQieWJZYVym6ET AH7svyxdlHqumSKA5ZT/Z8I9hkSY1IUnwpGG+3MW+4wb8gY/GM89HfKNuJelA0zQZi8OG5EYSse+ qqQVutaZsOh0LTrxJpH6T4YeEyU/Qj88KBp5WLOKeneiwhO7Mw83YeGQwJ0Sx54poVZcEyk61Np2 Onpuq19GVMVKNHZ9qUmwJ8V9q0/a69tWFvBXYOuGxh1de9MxGNe7a21jpw/YxEWlZzMnSkwdUG/c sxTpTOkB2m8WnZS2ZWthwbPWEUCR9H8k3onQZi8INW1wJkLZ0+ZIXkZLRZi4m5gpJx4RFtIl5Ink 6JqJ2xh4vGAx4UoyeW5r5fynjE5ufyZRQ1jdds0SwqFFrHl6yTT//BQt+6Jd1EkcR9vo3kr5PSDc RFzr2U3nVanbFmJnUnz1LNT2FhqxDVsTzn6e/I5qzrQZm/xbgnYKHHisjEQPPnvn1629b71iTysN MiBCwMUZPdIR18Ksargm8jXN50/nvro9TS7CT2YhUgCY4T7Zdrvv1EWZMLt8c6fO0mRlzpXiNqoT sqj5Q67hUMa6Jp3t4/Nh7RjE8L56XFX6yoS0reJ84iJMdMlNCdGfW1auf87Q7oPzZPMndtouUnym uchNhIoDSRidz3Ht9befbCWpfItpOFmdjrFSRIoLzU+Zz3uvuKAvROjcr3znjtFTBZYtrmrI6KQ4 JcqhhUN70o62imPfoN2eHQn7vAeLvTg60xnnq1rDEI4jaPncaSIa7LjDFsb7kRLxEPCW/IyYEb6R Rd1fVHnvjdGTYcWDxof8qrkjOkRUmTfaeHBJvHvazpaoq6nBa9Yhp+kfYniWrinQOJGk4wOmgcUs 6G3HvNfYw03i518O/T9IofEZTvHzo2aurwnBeZNzoepOViTyp0Rom3qaLgHOizWzX71Add+3RfsT neObFKyBfK3snNdMLM+UKSsm/LDdoZmTEoLQNmLX1UVVnUVbcR9Bo2dsLw+eo6NKPewa7x+VEY39 VrqezIM4LWVF2BL3ImV03o9XAr4I/u6giCU5hmQ4By4PUae6dE6rvUEQcyETmRrI9ukhsf1F5bWZ Jn3hzUmVlXrcqK72i+P9qRHAiWOYuiDOn29rVhHyWVGEewkVMb1TcgGpst9UXkcTN/rI9EuztLF0 WswQ/C0smPvKIV9q6YbqfLuPR8VCJb1S1jvrdm8uUmJy5wNxcnynLivurZj/xd9NoGbHJwbnzx9X SRSh4SN5z7UL/9FbrSs3alYTKdfHgISFHkj3NLHsGLCYHtwUHwwbMbcEOo8g/pX1O5ZiNJUThbfs Y1WQeWXycCzr3qPL4fYarH+iOblMNvRA9v4LTW6DC9G74hbY3iqKhuZyoVJN2JJqQr2QcE2JxX6f WD3xGBi6wsT4OM1D8EeZi+Jif6NxVu9M5PHWLedmc11ShIxnzQNzX51zavBaoBiae9c8MhYpA+BS MV8wciAfq9p1SC88uB4m/qQVAJcc9n2MUB+LTgIFkQIAQnVMoeosUBApAEApVHwKTeppi+WfsPMi fhApAIDPuX5C8DxOcenh7gAApFCJuX58Wo2YE8hH8U3m4nEHxkeOF8dY6RWjewCAZj6eqqBWCBHz AbEENQAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0Y7fb9fMS4EoAAE5MmwKuT/yHXfEDAACcnoHa/S/A ANCM57qVhzX7AAAAAElFTkSuQmCC --_004_c5b0ce93c5ee4aafbad20039a5e7279dvlgums05Megafonru_--
On 11/17/2016 10:44 AM, vasily.lamykin@MegaFon.ru wrote:
I create user in internal domain by ovirt-aaa-jdbc-tool, next, I grant him super-user role on cluster.
Your user have to have permissions on system. Because storage is system level object before assigned to DC.
User can provide super-user operations, but he can’t add storage domain.
I also grant to user storage-admin rights, but problem persist anyway.
In web I see:
Error while executing action: User is not authorized to perform this action.
In ovirt-engine/engine.log I see:
WARN [org.ovirt.engine.core.bll.storage.connection.AddStorageServerConnectionCommand] (default task-79) [50876bd2] Validation of action 'AddStorageServerConnection' failed for user test-user@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__STORAGE__CONNECTION,USER_NOT_AUTHORIZED_TO_PERFORM_ACTION
*Ламыкин Василий*
Старший инженер по эксплуатации сервисных платформ
Столичный ф-ал ПАО "МегаФон
+7 (926) 500-3308
МегаФон лого+знак РУС B2C
------------------------------------------------------------------------
Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым само сообщение и любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.
(c)20mf50
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I think it is not good. We need to give rights on the system, but in a way the user gets the right to operate in addition to its other clusters storage domains. Thanks for your answer Ламыкин Василий Старший инженер по эксплуатации сервисных платформ Столичный ф-ал ПАО "МегаФон +7 (926) 500-3308 -----Original Message----- From: Ondra Machacek [mailto:omachace@redhat.com] Sent: Thursday, November 17, 2016 1:37 PM To: Vasily Lamykin (MSK) <vasily.lamykin@MegaFon.ru>; users@ovirt.org Subject: Re: [ovirt-users] user permission for add storage domain On 11/17/2016 10:44 AM, vasily.lamykin@MegaFon.ru wrote:
I create user in internal domain by ovirt-aaa-jdbc-tool, next, I grant him super-user role on cluster.
Your user have to have permissions on system. Because storage is system level object before assigned to DC.
User can provide super-user operations, but he can’t add storage domain.
I also grant to user storage-admin rights, but problem persist anyway.
In web I see:
Error while executing action: User is not authorized to perform this action.
In ovirt-engine/engine.log I see:
WARN [org.ovirt.engine.core.bll.storage.connection.AddStorageServerConnecti onCommand] (default task-79) [50876bd2] Validation of action 'AddStorageServerConnection' failed for user test-user@internal-authz. Reasons: VAR__ACTION__ADD,VAR__TYPE__STORAGE__CONNECTION,USER_NOT_AUTHORIZED_TO _PERFORM_ACTION
*Ламыкин Василий*
Старший инженер по эксплуатации сервисных платформ
Столичный ф-ал ПАО "МегаФон
+7 (926) 500-3308
МегаФон лого+знак РУС B2C
---------------------------------------------------------------------- --
Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым само сообщение и любые возможные его копии и приложения.
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof.
(c)20mf50
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
________________________________ Информация в этом сообщении предназначена исключительно для конкретных лиц, которым она адресована. В сообщении может содержаться конфиденциальная информация, которая не может быть раскрыта или использована кем-либо, кроме адресатов. Если вы не адресат этого сообщения, то использование, переадресация, копирование или распространение содержания сообщения или его части незаконно и запрещено. Если Вы получили это сообщение ошибочно, пожалуйста, незамедлительно сообщите отправителю об этом и удалите со всем содержимым само сообщение и любые возможные его копии и приложения. The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient(s), any use, disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this communication in error please notify us immediately by responding to this email and then delete the e-mail and all attachments and any copies thereof. (c)20mf50
participants (2)
-
Ondra Machacek -
vasily.lamykin@MegaFon.ru