[Engine-devel] Managing permissions on network
Livnat Peer
lpeer at redhat.com
Thu Nov 15 07:44:28 UTC 2012
On 14/11/12 10:11, Antoni Segura Puimedon wrote:
>
>
> ----- Original Message -----
>> From: "Itamar Heim" <iheim at redhat.com>
>> To: "Charlie" <medievalist at gmail.com>
>> Cc: "engine-devel" <engine-devel at ovirt.org>
>> Sent: Wednesday, November 14, 2012 5:28:21 AM
>> Subject: Re: [Engine-devel] Managing permissions on network
>>
>> On 11/13/2012 09:57 PM, Charlie wrote:
>>> Will any of these groups and/or permissions be drawn from LDAP?
>>>
>>> Frankly, system admins are not looking for yet another console to
>>> manage permissions.
>>
>> all users/groups come from LDAP.
>> you just need to give permissions to these groups/users in ovirt.
>> is that what you meant?
>
> Would it be possible to somehow allow the admins to set permissions
> on the LDAP console?
>
The integration with LDAP is on the level of managing users and groups,
not the oVirt permissions themselves.
The reason for that is that permission = User + Role + Object.
A user is given some Role on an Object; for example, admin1 is given the
role of clusterAdmin on clusterA. We can't set such a permission in LDAP,
as the objects themselves (Clusters, VMs, etc.) do not exist in LDAP.
Thanks, Livnat
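
The permission model described in the message above, sketched as an added example (not part of the original post and not oVirt code): the directory supplies only users and group membership, while the engine stores the User + Role + Object triples and resolves groups at check time. The `Engine` class, the action names, the `virt-admins` and `developers` groups, `user2` and `clusterB` are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for the directory: it knows users and groups only.
DIRECTORY_GROUPS = {
    "admin1": {"virt-admins"},
    "user2": {"developers"},
}

# Hypothetical role definitions: a role is a named set of actions.
ROLES = {
    "clusterAdmin": {"edit_cluster", "add_host", "create_vm"},
    "vmUser": {"start_vm", "stop_vm"},
}

@dataclass(frozen=True)
class Permission:
    principal: str  # user or group name that comes from the directory
    role: str       # role defined in the engine
    obj: str        # engine object (cluster, VM, ...), unknown to the directory

class Engine:
    def __init__(self, directory):
        self.directory = directory  # user -> set of group names
        self.objects = set()        # objects exist only on the engine side
        self.permissions = set()

    def grant(self, principal, role, obj):
        # Fail closed on roles or objects the engine does not know.
        if role not in ROLES or obj not in self.objects:
            raise ValueError(f"unknown role or object: {role!r}, {obj!r}")
        self.permissions.add(Permission(principal, role, obj))

    def is_allowed(self, user, action, obj):
        # Principals are the user plus the groups resolved from the directory now.
        principals = {user} | self.directory.get(user, set())
        return any(
            p.principal in principals and p.obj == obj and action in ROLES[p.role]
            for p in self.permissions
        )

def demo():
    engine = Engine(DIRECTORY_GROUPS)
    engine.objects.update({"clusterA", "clusterB"})
    engine.grant("admin1", "clusterAdmin", "clusterA")  # the example from the mail
    engine.grant("developers", "vmUser", "clusterB")    # grant to a directory group
    return engine
```

Removing a user from a group in the directory changes what `is_allowed` returns without touching the stored triples, but the binding to `clusterA` or `clusterB` can only be made in the engine.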