Re: [ovirt-users] User with SuperAdmin Role has not MANIPULATE_STORAGE_DOMAIN

18 Feb 2016


      --=-y29ZL6CL9AL3fnqPHcJy
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Le mercredi 13 janvier 2016 =C3=A0 14:37 +0100, Kevin C a =C3=A9crit=C2=A0:
...
=20
Le 12/01/2016 16:57, Maor Lipchuk a =C3=A9crit :
...
...
From: "Kevin COUSIN" <kevin@famillecousin.fr>
To: "Maor Lipchuk" <mlipchuk@redhat.com>
Cc: "users" <users@ovirt.org>, "Oved Ourfali" <oourfali@redhat.co
m>
Sent: Tuesday, January 12, 2016 5:06:22 PM
Subject: Re: [ovirt-users] User with SuperAdmin Role has not
MANIPULATE_STORAGE_DOMAIN
=20
I set SuperAdmin Role on a group.
It dosen't work with StorageAdmin role.
I can't add set roles with my directory account, I need to use ad
min@internal
account.
=20
Which DC are you trying to attach the Storage Domain?
=20
I try to attach the Storage Domain to the Default DC (I have only one
DC).
=20
=C2=A0From the attached print screens it looks like the DC you have
----- Original Message -----
permissions on are infra and local.
infra.local is our AD realm.
=20
Also, Which oVirt version are you using?
I am using oVirt 3.6.1.
=20
If it is possible can you please send print screens with the
permissions of the user and the permissions on the Data Center?
You have print screens attached but I think you're right. I set roles
on=C2=A0
a group, and I can see my user has not Admin role defined desipte my=C2=
=A0
user is on the group (I can login with this user, create VM...).
=20
I confirm. If I set SuperAdmin role on user, I can attach my storage.
Roles can not be applied from groups from my users are ?
Regards
...
...
=20
Thanks,
Maor
Regards,
=20
Kevin C
=20
=20
...
------------------------
=20
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0COUSIN Kevin
=20
----- Mail original -----
...
De: "Maor Lipchuk" <mlipchuk@redhat.com>
=C3=80: "Kevin C" <kevin@famillecousin.fr>
Cc: "users" <users@ovirt.org>, "Oved Ourfali" <oourfali@redhat.
com>
Envoy=C3=A9: Mardi 12 Janvier 2016 13:57:16
Objet: Re: [ovirt-users] User with SuperAdmin Role has not
MANIPULATE_STORAGE_DOMAIN
----- Original Message -----
...
From: "Kevin C" <kevin@famillecousin.fr>
To: "Maor Lipchuk" <mlipchuk@redhat.com>
Cc: "users" <users@ovirt.org>, "Oved Ourfali" <oourfali@redha
t.com>
Sent: Monday, January 11, 2016 11:04:11 AM
Subject: Re: [ovirt-users] User with SuperAdmin Role has not
MANIPULATE_STORAGE_DOMAIN
=20
=20
=20
Le 09/01/2016 16:09, Maor Lipchuk a =C3=A9crit :
...
Hi Kevin,
=20
Does it still reproduce after the permissions were set?
=20
Regards,
Maor
=20
Hi Maor,
=20
Yes it does, I just try it with another Domain.
=20
Regards
=20
Which role have you added to your user? Can u please try to
edit the role
which
you have added to your user, does the role "Configure Storage
Domain" is
marked
(See attached screenshot).
Can you please try to add to the user the role StorageAdmin
(See second
attached
screenshot)
=20
Regards,
Maor
=20

=20
Kevin C
=20
=20
...
----- Original Message -----
> From: "Oved Ourfali" <oourfali@redhat.com>
> To: "Kevin C" <kevin@famillecousin.fr>
> Cc: "users" <users@ovirt.org>
> Sent: Friday, January 8, 2016 1:20:53 PM
> Subject: Re: [ovirt-users] User with SuperAdmin Role has
> not
> 	MANIPULATE_STORAGE_DOMAIN
>=20
>=20
>=20
> CC-ing someone from the storage team to take a look.
> On Jan 7, 2016 6:43 PM, "Kevin C" < kevin@famillecousin.f
> r > wrote:
>=20
>=20
>=20
> Hi,
>=20
> I set it on "system" level, on right upper side.
>=20
> Regards,
>=20
> Le 07/01/2016 17:39, Oved Ourfali a =C3=A9crit :
>=20
>=20
>=20
>=20
> Permissions in ovirt are composed of the role,
> user/group, and object.
>=20
> I guess you refer to the SuperUser role. Question is what
> object you've
> granted it on.
>=20
> In order to have a permission on "system" level, you gave
> to go to the
> configure dialog (see right upper side of your screen).
>=20
> Regards,
> Oved Ourfali
> Hi list,
>=20
> I set the SuperAdmin Role on a AD group. I use my account
> in this group
> to
> use oVirt. I try today to add an Export Domain but I
> failed with this
> error
> in log :
>=20
> 2016-01-07 16:46:28,883 INFO
> [org.ovirt.engine.core.bll.storage.AttachStorageDomainToP
> oolCommand]
> (default task-1) [68d5410a] No permission found for user
> '8ac67747-110c-4125-86f1-1f52ca0e7705' or one of the
> groups he is
> member
> of,
> when running action 'AttachStorageDomainToPool', Required
> permissions
> are:
> Action type: 'ADMIN' Action group:
> 'MANIPULATE_STORAGE_DOMAIN' Object
> type:
> 'Storage' Object ID: 'c7dee64d-a27e-446e-8656-
> cef2d8ea42a6'.
>=20
>=20
> Where can I set the good permission ?
>=20
> Thanks a lot
> ---
> Kevin C
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>=20
>=20
>=20
>=20
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>=20
=20
--=-y29ZL6CL9AL3fnqPHcJy
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCCEeww
ggXiMIIDyqADAgECAhBrp4p9CteI1lEK+Vnk57ThMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYT
AklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0
aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTAeFw0xNTEyMTYwMTAwMDVaFw0zMDEyMTYwMTAwMDVaMHUxCzAJBgNVBAYTAklMMRYwFAYDVQQK
Ew1TdGFydENvbSBMdGQuMSkwJwYDVQQLEyBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eTEjMCEGA1UEAxMaU3RhcnRDb20gQ2xhc3MgMSBDbGllbnQgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9fdr3w6J9g/Zbgv3bW1+uHht1wLUZr5gkrLtXedg17AkefMyUGwrQdvwO
bhajcVmnKVxhrUwkZPXRAwZZosRHfEIi5FH7x6SV/8Sp5lZEuiMnvMFG2MzLA84J6Ws5T4NfXZ0q
n4TPgnr3X2vPVS51M7Ua9nIJgn8jvTra4eyyQzxvuA/GZwKg7VQfDCmCS+kICslYYWgXOMt2xlsS
slxLce0CGWRsT8EpMyt1iDflSjXZIsE7m1uTyHaKZspMLyIyz6mySu8j8BWWHpChNNeTrFuhVfrO
AyDPFJVUvKZCLKBhibTLloyy+LatoWELrjdI4a8StZY8+dIR9t4APXGzAgMBAAGjggFkMIIBYDAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMBIGA1UdEwEB/wQI
MAYBAf8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2ZzY2Eu
Y3JsMGYGCCsGAQUFBwEBBFowWDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29t
MDAGCCsGAQUFBzAChiRodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9jYS5jcnQwHQYDVR0O
BBYEFCSBbDlhvkkPj7cbRivJKLUnSG1oMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQQa7y
MD8GA1UdIAQ4MDYwNAYEVR0gADAsMCoGCCsGAQUFBwIBFh5odHRwOi8vd3d3LnN0YXJ0c3NsLmNv
bS9wb2xpY3kwDQYJKoZIhvcNAQELBQADggIBAIvj94fsAYuErQ8BAluc4SMnIwS9NPBwAm5SH9uh
2NCXTq7im61g7F1LIiNI/+wq37fUuaMbz4g7VarKQTgf8ubs0p7NZWcIe7Bvem2AWaXBsxsaRTYw
5kG3DN8pd1hSEUuFoTa7DmNeFe8tiK1BrL3rbA/m48jp4AiFXgvxprJrW7izsyetOrRHPbkW4Y07
v29MdhaPv3u1JELyszXqOzjIYo4sWlC8iDQXwgSW/ntvWy2n4LuiaozlCfXl149tKeqvwlvrla2Y
klue/quWp9j9ou4T/OY0CXMuY+B8wNK0ohd2D4ShgFlMSjzAFRoHGKF81snTr2d1A7Ew02oF6UQy
CkC2aNNsK5cWOojBar5c7HplX9aHYUCZouxIeU28SONJAxnATgR4cJ2jrpmYSz/kliUJ46S6UpVD
o/ebn9c6PaM/XtDYCCaM/7XX6wc3s++sbQ7CtCn1Ax7df6ufQbwyO0V+oFa9H0KAsjHMzcwk3EV2
B2NLatidKE/m7G+rB9m+FlVgIiSp0mGlg43QO9Kh1+JqvTCIzv2bJJkmPMLQJNuKKwHNL8F4GGp6
jbAV+WL+LDeGfVcq8DHS3LrD+xyYEXQBiqZEdiPVOMxLDSUCXsDO0uCWpaNQ8j6y6S9p0xE/Ga0p
eVLadVHhqf9nXqKaxnr358VgfrxzUIrvOaOjMIIF/zCCBOegAwIBAgIQTLnfP04vlkvqxMUZU04a
zjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEp
MCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIzAhBgNVBAMTGlN0YXJ0
Q29tIENsYXNzIDEgQ2xpZW50IENBMB4XDTE2MDIwMzA5NDQ1N1oXDTE3MDIwMzA5NDQ1N1owSDEf
MB0GA1UEAwwWa2V2aW5AZmFtaWxsZWNvdXNpbi5mcjElMCMGCSqGSIb3DQEJARYWa2V2aW5AZmFt
aWxsZWNvdXNpbi5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM7aVEpOkTQPuDSV
lEcQ9J3Pjb+XrzJeE5nFDTD3uLfVZ5bXEsHlGJtgzS0AIT5dCgtyAO44QL8HQY/qOnyNU3/DSQIq
0c2BV/AJt9qrGdInhD32LfsyaIGyEUS1KYY++SfndVwWGxy2ZAtaqlwGSuR19mTwv4BCD0IqSLbo
ANo8xR+Hy6A10BzHRBklNhMPerWxySzSNC4YMQXDwQWe9cWqm1TcvOZmnYh/O0HCjirbNcA5gpgq
cimNC6YTHEsfvLzpnbi53QdJC4gobRaQKw5MuMDDMOgOZVNGaKe8MVrVelyDFbXo4VNk5CbTcXP2
YK3Lbeuu/krCbYIN6CxioW9obxIMVzCbjA4z+6CqFJNc1Qv389vMF/WkeghZQOJL5JE/zB0NFgrq
hriPmX1IEA/kW/MSBWujjFwxkS3p7V/Kg98mioCBerDEuU4k77y5NuOif42e1ssKWweRoi54kfzp
m/DHigfzBoqowo2pudiEuMc91ta3CtgOBqEZSiQBYqS8biHChCXZv3me6Gf8WPaqyN0OwnCD+lOx
dGKd56yHHKZyfT0b/RSfJ89uWls7+Ou47sXAa7IjKRLyirqEKjmC4Efl+pAsxbMoV4ZgWIAr8/VM
x1pzwoUFbdla2jYttvOEWog/c1Ss+1/WJM+Lre9ItC+LN8iKKrT7fZfKy0f9AgMBAAGjggG2MIIB
sjALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFFZg5P1hZz/039cwy9+ThVfL+w6kMB8GA1UdIwQYMBaAFCSBbDlhvkkPj7cbRivJ
KLUnSG1oMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wu
Y29tMDkGCCsGAQUFBzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2EuY2xpZW50
MS5jcnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2NhLWNsaWVu
dDEuY3JsMCEGA1UdEQQaMBiBFmtldmluQGZhbWlsbGVjb3VzaW4uZnIwIwYDVR0SBBwwGoYYaHR0
cDovL3d3dy5zdGFydHNzbC5jb20vMEYGA1UdIAQ/MD0wOwYLKwYBBAGBtTcBAgQwLDAqBggrBgEF
BQcCARYeaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5MA0GCSqGSIb3DQEBCwUAA4IBAQC0
QbMzgSfJicGx8BJneSYlo7ZxeMKKSWb8wXBj3rwCKrR1uiVx8fVIt5x/Hl1F3dZ6aVoF+dzTvUIA
qTovD5ACumfqhu6qb1TiHRaCQr9tKBN6Cb5Du11muun5k5T17tFWD8qPi7u4iZCOGrynd3uWv9Dl
T9a0LY6yL+GeIiIVwq8DyDHE7sqCiN+S9iL4Zkho7pS4l7mIW71JNqKZZgOANpzbCFw4lJc2NMhR
GlcVdwdJeHpZyW5vpHxmNjWQ+ptaBfKaWOFO5r5na5wF2QOsbICq6e8IKNsliY9hlZnRzu32AzLj
GXnmUfy+JF1+gOpSsxpzMGi+axBmxxV0gWCNMIIF/zCCBOegAwIBAgIQTLnfP04vlkvqxMUZU04a
zjANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEp
MCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIzAhBgNVBAMTGlN0YXJ0
Q29tIENsYXNzIDEgQ2xpZW50IENBMB4XDTE2MDIwMzA5NDQ1N1oXDTE3MDIwMzA5NDQ1N1owSDEf
MB0GA1UEAwwWa2V2aW5AZmFtaWxsZWNvdXNpbi5mcjElMCMGCSqGSIb3DQEJARYWa2V2aW5AZmFt
aWxsZWNvdXNpbi5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM7aVEpOkTQPuDSV
lEcQ9J3Pjb+XrzJeE5nFDTD3uLfVZ5bXEsHlGJtgzS0AIT5dCgtyAO44QL8HQY/qOnyNU3/DSQIq
0c2BV/AJt9qrGdInhD32LfsyaIGyEUS1KYY++SfndVwWGxy2ZAtaqlwGSuR19mTwv4BCD0IqSLbo
ANo8xR+Hy6A10BzHRBklNhMPerWxySzSNC4YMQXDwQWe9cWqm1TcvOZmnYh/O0HCjirbNcA5gpgq
cimNC6YTHEsfvLzpnbi53QdJC4gobRaQKw5MuMDDMOgOZVNGaKe8MVrVelyDFbXo4VNk5CbTcXP2
YK3Lbeuu/krCbYIN6CxioW9obxIMVzCbjA4z+6CqFJNc1Qv389vMF/WkeghZQOJL5JE/zB0NFgrq
hriPmX1IEA/kW/MSBWujjFwxkS3p7V/Kg98mioCBerDEuU4k77y5NuOif42e1ssKWweRoi54kfzp
m/DHigfzBoqowo2pudiEuMc91ta3CtgOBqEZSiQBYqS8biHChCXZv3me6Gf8WPaqyN0OwnCD+lOx
dGKd56yHHKZyfT0b/RSfJ89uWls7+Ou47sXAa7IjKRLyirqEKjmC4Efl+pAsxbMoV4ZgWIAr8/VM
x1pzwoUFbdla2jYttvOEWog/c1Ss+1/WJM+Lre9ItC+LN8iKKrT7fZfKy0f9AgMBAAGjggG2MIIB
sjALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFFZg5P1hZz/039cwy9+ThVfL+w6kMB8GA1UdIwQYMBaAFCSBbDlhvkkPj7cbRivJ
KLUnSG1oMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wu
Y29tMDkGCCsGAQUFBzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2EuY2xpZW50
MS5jcnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5jb20vc2NhLWNsaWVu
dDEuY3JsMCEGA1UdEQQaMBiBFmtldmluQGZhbWlsbGVjb3VzaW4uZnIwIwYDVR0SBBwwGoYYaHR0
cDovL3d3dy5zdGFydHNzbC5jb20vMEYGA1UdIAQ/MD0wOwYLKwYBBAGBtTcBAgQwLDAqBggrBgEF
BQcCARYeaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5MA0GCSqGSIb3DQEBCwUAA4IBAQC0
QbMzgSfJicGx8BJneSYlo7ZxeMKKSWb8wXBj3rwCKrR1uiVx8fVIt5x/Hl1F3dZ6aVoF+dzTvUIA
qTovD5ACumfqhu6qb1TiHRaCQr9tKBN6Cb5Du11muun5k5T17tFWD8qPi7u4iZCOGrynd3uWv9Dl
T9a0LY6yL+GeIiIVwq8DyDHE7sqCiN+S9iL4Zkho7pS4l7mIW71JNqKZZgOANpzbCFw4lJc2NMhR
GlcVdwdJeHpZyW5vpHxmNjWQ+ptaBfKaWOFO5r5na5wF2QOsbICq6e8IKNsliY9hlZnRzu32AzLj
GXnmUfy+JF1+gOpSsxpzMGi+axBmxxV0gWCNMYIEXjCCBFoCAQEwgYkwdTELMAkGA1UEBhMCSUwx
FjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKTAnBgNVBAsTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5MSMwIQYDVQQDExpTdGFydENvbSBDbGFzcyAxIENsaWVudCBDQQIQTLnfP04vlkvq
xMUZU04azjANBglghkgBZQMEAgEFAKCCAaUwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMTYwMjE4MTI0MTE5WjAvBgkqhkiG9w0BCQQxIgQgIb54ZsmEYV22Fqs+ASN3
HcmtEiyKofHSnse4ATpREDYwgZoGCSsGAQQBgjcQBDGBjDCBiTB1MQswCQYDVQQGEwJJTDEWMBQG
A1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdHkxIzAhBgNVBAMTGlN0YXJ0Q29tIENsYXNzIDEgQ2xpZW50IENBAhBMud8/Ti+WS+rExRlT
ThrOMIGcBgsqhkiG9w0BCRACCzGBjKCBiTB1MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRD
b20gTHRkLjEpMCcGA1UECxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIzAhBgNV
BAMTGlN0YXJ0Q29tIENsYXNzIDEgQ2xpZW50IENBAhBMud8/Ti+WS+rExRlTThrOMA0GCSqGSIb3
DQEBAQUABIICAKCfKjo3EICql6PCKgBiag7lXW2RAxoTYq6+8PIqsGpcBeqCWSTejoDpXgPNu/I2
mqlH86nXMjGxvya6DW3IZjAwldnUFnrpciPwZVXH0sT6R+xojb3sQ11PV3YVDoclcToIX9KUWR2/
1XRdKKPWi5uURb/S2EHFwwm0NHTalZLtjqbdtgW+bzDHZ6vJaT0UU1Ut+gkArJEGp3qNnw9FVf3I
GmGpJG59hUlmkEIHVvcIOwW022Lt+bsePGjHcirYpeu++3vsPygM4/pVPn5CMA3O/qx85wqF9iZ7
lkf08iX6EN8nTapRviYgCoe8rSZC6fOyzlbtZYhO/AuhIRCxf84Z00njCUGb0G1PojxgVDmg1cem
AQT6fhQKyhpn7Ma995KaZ4yYF0j42Qz81zFKs7ygq8hC3vy3e4kO0tCBGqToTePLBJoZ4JuWtk9L
2aC0vaSmi9Opi9mQD+Tm5rTeV3XP86jV4BFogIE/UaT91/nJpGn1XhV6uMD0ZnbfXhvGS0z0aUAN
bsP59TfkOe2ldA3vbPBSv/njmlUD4c7U/TDFlw6mzEAhf921bvCXtI/qQoLcA28MA5f0t1M3ik5k
U4M48tCESbyCgiAIuhFmiGUeKTs3V4LS8H9W/t0PxaSqnmYtaSfY35tugp1zNsVU5O35ra9bLAeZ
C6OB1H+vRaHBAAAAAAAA


--=-y29ZL6CL9AL3fnqPHcJy--

Kevin C

tags

participants (1)