Users losing permissions when user portal session times out
I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular "UserRole" granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to "users" then view the permissions for the user I was just logged in as, the user no longer shows the "UserRole" role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the "Users" list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the "permissions" tab and then clicking "add"; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas? Thanks in advance.
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org, "paul thornton" <paul.thornton@infotech-enterprises.com> Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal session times out
I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular "UserRole" granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to "users" then view the permissions for the user I was just logged in as, the user no longer shows the "UserRole" role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the "Users" list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the "permissions" tab and then clicking "add"; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas?
Thanks in advance.
This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Jeff, which ovrit version are you using? Thanks. ----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <paul.thornton@infotech-enterprises.com>, users@ovirt.org Sent: Thursday, May 8, 2014 10:05:46 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org, "paul thornton" <paul.thornton@infotech-enterprises.com> Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal session times out
I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular "UserRole" granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to "users" then view the permissions for the user I was just logged in as, the user no longer shows the "UserRole" role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the "Users" list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the "permissions" tab and then clicking "add"; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas?
Thanks in advance.
This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <paul.thornton@infotech-enterprises.com>, users@ovirt.org Sent: Thursday, May 8, 2014 10:09:55 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
Jeff, which ovrit version are you using? Thanks.
It sounds similar to the following issues: Bug 1069562 - When assigning permissions to user that belongs to a group indirectly, it does not inherit the group permissions (resolved by me). Bug 1081204 - [AAA] External user UI access unstable (resolved by Yair). iirc both are part of 3.4, but will need to check it out. Let's see what version you're using, and proceed from there. Oved
----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <paul.thornton@infotech-enterprises.com>, users@ovirt.org Sent: Thursday, May 8, 2014 10:05:46 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org, "paul thornton" <paul.thornton@infotech-enterprises.com> Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal session times out
I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular "UserRole" granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to "users" then view the permissions for the user I was just logged in as, the user no longer shows the "UserRole" role even though the permissions on the pool objects still show the role is granted. I have to delete the user from the "Users" list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting permissions based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the "permissions" tab and then clicking "add"; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas?
Thanks in advance.
This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I'm using version 3.4.0-1.el6. The user I've been testing with was directly added to this test-group in the AD. On Thu, May 8, 2014 at 2:11 AM, Oved Ourfalli <ovedo@redhat.com> wrote:
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <
----- Original Message ----- paul.thornton@infotech-enterprises.com>, users@ovirt.org
Sent: Thursday, May 8, 2014 10:09:55 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
Jeff, which ovrit version are you using? Thanks.
It sounds similar to the following issues: Bug 1069562 - When assigning permissions to user that belongs to a group indirectly, it does not inherit the group permissions (resolved by me). Bug 1081204 - [AAA] External user UI access unstable (resolved by Yair).
iirc both are part of 3.4, but will need to check it out. Let's see what version you're using, and proceed from there.
Oved
----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <paul.thornton@infotech-enterprises.com>, users@ovirt.org Sent: Thursday, May 8, 2014 10:05:46 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org, "paul thornton" <paul.thornton@infotech-enterprises.com> Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal
times out
I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular "UserRole" granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to "users"
view the permissions for the user I was just logged in as, the user no longer shows the "UserRole" role even though the permissions on the
objects still show the role is granted. I have to delete the user from the "Users" list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting
session then pool permissions
based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the "permissions" tab and then clicking "add"; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas?
Thanks in advance.
This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Just to update, I saw in that bug report that 3.4.1-1 was released today. I upgraded my engine and host and have not been able to reproduce the problem yet. Thank you Yair and Oved. On Thu, May 8, 2014 at 7:05 AM, Jeff Clay <jeffclay@gmail.com> wrote:
I'm using version 3.4.0-1.el6. The user I've been testing with was directly added to this test-group in the AD.
On Thu, May 8, 2014 at 2:11 AM, Oved Ourfalli <ovedo@redhat.com> wrote:
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <
----- Original Message ----- paul.thornton@infotech-enterprises.com>, users@ovirt.org
Sent: Thursday, May 8, 2014 10:09:55 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
Jeff, which ovrit version are you using? Thanks.
It sounds similar to the following issues: Bug 1069562 - When assigning permissions to user that belongs to a group indirectly, it does not inherit the group permissions (resolved by me). Bug 1081204 - [AAA] External user UI access unstable (resolved by Yair).
iirc both are part of 3.4, but will need to check it out. Let's see what version you're using, and proceed from there.
Oved
----- Original Message -----
From: "Yair Zaslavsky" <yzaslavs@redhat.com> To: "Jeff Clay" <jeffclay@gmail.com> Cc: "Oved Ourfalli" <ovedo@redhat.com>, "paul thornton" <paul.thornton@infotech-enterprises.com>, users@ovirt.org Sent: Thursday, May 8, 2014 10:05:46 AM Subject: Re: [ovirt-users] Users losing permissions when user portal session times out
----- Original Message -----
From: "Jeff Clay" <jeffclay@gmail.com> To: users@ovirt.org, "paul thornton" <paul.thornton@infotech-enterprises.com> Sent: Thursday, May 8, 2014 9:09:00 AM Subject: [ovirt-users] Users losing permissions when user portal
times out
I finally have everything working pretty good. I have noticed that if I log in to the user portal as a user with the regular "UserRole" granted and only the the pool objects and the user portal session times I can not log back in. The user portal shows the message the the user is not authorized to perform this function. When I log in as admin and go to "users"
view the permissions for the user I was just logged in as, the user no longer shows the "UserRole" role even though the permissions on the
objects still show the role is granted. I have to delete the user from the "Users" list and logging back in will refresh the permissions. I have ovirt integrated with my active directory for logins. I am granting
session then pool permissions
based on active directory groups. To grant the permissions, I am selecting the object (usually a pool), then selecting the "permissions" tab and then clicking "add"; I do a search for the group, i click the check box next to it and click ok. The group permissions seem to remain on the object when the user portal session times out, but the actual user that timed out loses all permissions/roles. I have no idea what could be causing this other than some sort of bug. Any ideas?
Thanks in advance.
This is a known issue, and IIRC was resolved by Oved. Oved, am I correct here?
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
Jeff Clay -
Oved Ourfalli -
Yair Zaslavsky