[Users] API read-only access / roles

Thu Feb 20 15:51:33 UTC 2014

On 02/20/2014 05:24 PM, Sven Kieske wrote:
> Hi,
>
> is nobody interested in this feature at all?
> it would be a huge security gain, while lowering
> the bars for having a read only user if this could get shipped with 3.4:

we are very interested, but we want to do this based on the 
authentication re-factoring, which in itself, barely made the 3.4 timeline.
Yair - are we "pluggable" yet, that someone could add such a user by 
dropping a jar somewhere, or still on going work towards 3.5?

>
> Am 19.02.2014 15:32, schrieb Sven Kieske:> I just looked into my test vm
> with the 3.4 beta
>> and I can't see such an user there.
>>
>> I created an RFE at: https://bugzilla.redhat.com/show_bug.cgi?id=1067036
>>
>>
>> I really hope this can get included in 3.4 (I know it's late)
>> as it should be a very very minor change at engine-setup.
>>
>> Thanks
>>
>> Am 19.02.2014 14:55, schrieb Sven Kieske:
>>> Hi,
>>>
>>> reiterating on this somewhat old mail:
>>>
>>> Is there a read only user integrated in 3.4?
>>>
>>> Because it's a huge overhead to install somewhere
>>> e.g. a freeipa server just to get read only access.
>>>
>>> Am 21.11.2013 09:52, schrieb Sander Grendelman:
>>>> Hi Doron,
>>>>
>>>> The user I've defined in [1] works for me.
>>>> A built-in login-/read-only role would be nice,
>>>> but it's quite easy to define a custom role so
>>>> more of a nice-to-have instead of a must-have.
>>>>
>>>> Thanks for asking!
>>>>
>>>> Sander.
>>>>
>>>> On Wed, Nov 20, 2013 at 5:40 PM, Doron Fediuck <dfediuck at redhat.com>
> wrote:
>>>>> Hi Sander,
>>>>> We're closing the ovirt 3.4 scope, and wondering if you're handling
>>>>> Zabbix based on [1].
>>>>> If so please let me know and I'll update the 3.4 features list.
>>>>>
>>>>> Thanks,
>>>>> Doron
>>>>>
>>>>> [1] http://lists.ovirt.org/pipermail/users/2013-November/017946.html
>>>
>>