Unable to remove system roles from Everyone group
I opened Everyone group and added system role UserRole and realized now that everybody can see all VMS which is not good. I tried to remove the role from the group but got the error "Error while executing action: It's not allowed to remove system permissions assigned to built-in Everyone group" Looking into Ovirt forums I see that this change should be made through the engine database but I was not able to reach that part. Can someone help me out how to remove the system role from Everyone group? or at least reset the group?
Hello Miguel, later versions of oVirt are using software collections to run postgres ( it allows you to run different versions and configure the correct environment. Get the id for the everyone group https://engine.example.com/ovirt-engine/api/groups?search=everyone Get the id for the UserRole https://engine.example.com/ovirt-engine/api/roles connect to the engine database ( the engine pass..d should be in /etc/ovirt-engine/engine.conf.d/10-setup-database.conf) e.g. for oVirt 4.3 which uses postgres10 scl enable rh-postgresql10 -- psql -h localhost -U engine -d engine select * from permissions where ad_element_id='groupid'; note the id of the permission, probably the last one but you can check by the role_id then delete the permission. delete from permissions where id='noted before'; you may want to make a backup before. Regards, Paul S. I am posting this again via HyperKitty the email at users@ovirt.org wasn't responding
participants (2)
-
miguel.garcia@toshibagcs.com -
p.staniforth@leedsbeckett.ac.uk