[Users] API read-only access / roles

René Koch (ovido) r.koch at ovido.at
Mon Nov 18 16:18:34 UTC 2013


On Mon, 2013-11-18 at 16:46 +0100, Sander Grendelman wrote:
> I'm working on (Zabbix) monitoring through the RESTful API.

Very nice - do you use my check_rhev3 Nagios plugin 
(https://github.com/ovido/check_rhev3) or are you working on 
your own script?

> 
> Which role should I assign to the monitoring user?
> 
> The user only needs read access to the data but it looks like
> I nead to assign at least an "Admin" role to the user to be
> able to read data through the API.
> 
> For this I've created a "AdminLoginOnly" role that only has
> System->Configure System->Login Permissions access.
> 
> Is this the way to go for this king of configuration? Or is there
> a way to further minimize the permissions of this user?

I create a custom role with these permissions for Nagios monitoring,
too.
I was thinking that in oVirt 3.3 there should be a predefined
viewers-role, but can't find it in my setup :(

> 
> Another issue is that a "Login" event is generated every time
> the user connects through the API. This makes the "Events"
> pane less useful / readable. Is there a way to disable this for
> some users/roles?


It depends if you have your own script or check_rhev3:
- check_rhev3 1.2: use option -o
- check_rhev3 1.3: you should not see any login information in this
version anymore
- custom script: see this page on information how to use the JSESSIONID
cookie: http://www.ovirt.org/Features/RESTSessionManagement


Regards,
René


> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users




More information about the Users mailing list