User permissions

Hello,

There seems to be an issue with assigning permissions. When creating a user, if the user has “create” functionality for a VM, they can also delete the VM even if “delete” is not checked. Is this by design or perhaps something that was overlooked? Essentially, I want a user that can add/modify but not delete.

On 9 Dec 2016, at 16:53, Bill Bill <jax2568@outlook.com> wrote:

> Hello,
>
> There seems to be an issue with assigning permissions. When creating a user, if the user has “create” functionality for a VM, they can also delete the VM even if “delete” is not checked. Is this by design or perhaps something that was overlooked? Essentially, I want a user that can add/modify but not delete.

it is probably a bug. worth filing a bug (ovirt-engine, virt)

there’s likely no easy workaround…you can try to create your own role with only the create permission, but…unlikely

Thanks,
michal

On Wed, Dec 14, 2016 at 9:54 AM, Michal Skrivanek <michal.skrivanek@redhat.com> wrote:

> On 9 Dec 2016, at 16:53, Bill Bill <jax2568@outlook.com> wrote:
>
>> Hello,
>>
>> There seems to be an issue with assigning permissions. When creating a user, if the user has “create” functionality for a VM, they can also delete the VM even if “delete” is not checked. Is this by design or perhaps something that was overlooked? Essentially, I want a user that can add/modify but not delete.
>
> it is probably a bug. worth filing a bug (ovirt-engine, virt)

It's not a bug. This is by design. When a user has the 'create_vm' permission and is using UserPortal or the filtered REST API, he will get the UserVmManager permission on the newly created VM, and with this permission you can delete that VM, but not any other VM, only the one you've created.

> there’s likely no easy workaround…you can try to create your own role with only the create permission, but…unlikely
>
> Thanks,
> michal
_______________________________________________ Users mailing list Users@ovirt.org http://lists.phx.ovirt.org/mailman/listinfo/users
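
A simplified model of the behaviour described in the last reply, added here as an illustration; it is not oVirt code or code from any poster. The `VmCreateOnly` role, the role contents, the action names other than `create_vm`, and the user and VM names are assumptions constructed for the example.

```python
SYSTEM = "system"  # top of the object hierarchy in this simplified model

# Constructed role contents. Only 'create_vm' and 'UserVmManager' are named in
# the thread; everything else here is an assumption for illustration.
ROLES = {
    "VmCreateOnly": {"create_vm", "edit_vm_properties"},   # hypothetical role, "delete" unchecked
    "UserVmManager": {"edit_vm_properties", "delete_vm"},  # per-VM role from the thread
}

class Engine:
    def __init__(self):
        self.grants = set()  # (user, role, object) triples
        self.vms = set()

    def grant(self, user, role, obj):
        self.grants.add((user, role, obj))

    def allowed(self, user, action, obj):
        # A grant applies on the object itself or is inherited from SYSTEM.
        return any(u == user and o in (obj, SYSTEM) and action in ROLES[r]
                   for u, r, o in self.grants)

    def create_vm(self, user, name):
        if not self.allowed(user, "create_vm", SYSTEM):
            raise PermissionError(f"{user} may not create VMs")
        self.vms.add(name)
        # Behaviour described in the thread: the creator receives
        # UserVmManager on the new VM, and on that VM only.
        self.grant(user, "UserVmManager", name)

    def delete_vm(self, user, name):
        if not self.allowed(user, "delete_vm", name):
            raise PermissionError(f"{user} may not delete {name}")
        self.vms.remove(name)

def creator_delete_rights(engine):
    """Audit: (user, vm) pairs where delete_vm comes only from a per-VM grant."""
    return sorted((u, o) for u, r, o in engine.grants
                  if o != SYSTEM and "delete_vm" in ROLES[r]
                  and not engine.allowed(u, "delete_vm", SYSTEM))

def demo():
    e = Engine()
    for user in ("bill", "alice"):          # constructed users
        e.grant(user, "VmCreateOnly", SYSTEM)
    e.create_vm("bill", "vm1")
    e.create_vm("alice", "vm2")
    return e
```

The audit function lists exactly the delete rights that the assigned role does not explain, which is the effect reported in the original question.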
participants (3)
- Bill Bill
- Michal Skrivanek
- Ondra Machacek