[ovirt-users] user permissions
Oved Ourfali
ovedo at redhat.com
Wed Jul 23 04:35:28 EDT 2014
Hi
I was able to reproduce similar errors in the log, but with regards to GetRngQeury and not SearchQuery.
And, it caused an issue with selecting an instance type, but I was able to create a VM successfully, while being only a PowerUser on the DC.
I'll post the fix for that.
What version are you using?
Perhaps your issue was already solved?
Did you open a bug on your issue?
Thanks,
Oved
----- Original Message -----
> From: "Oved Ourfali" <ovedo at redhat.com>
> To: "Jorick Astrego" <j.astrego at netbulae.eu>
> Cc: users at ovirt.org
> Sent: Tuesday, July 22, 2014 2:04:01 PM
> Subject: Re: [ovirt-users] user permissions
>
> Please open a bug on that.
> But please provide full details, what permissions on what object, and what
> dialog are you opening, what operation are you trying to do, with the
> complete logs.
>
> Thanks,
> Oved
>
> ----- Original Message -----
> > From: "Jorick Astrego" <j.astrego at netbulae.eu>
> > Cc: users at ovirt.org
> > Sent: Tuesday, July 22, 2014 1:57:44 PM
> > Subject: Re: [ovirt-users] user permissions
> >
> >
> > The only relevant things I see in the log are lots of these:
> >
> > 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> > permissions.
> >
> > 2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
> > permissions.
> >
> > 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> > permissions.
> > 2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> > permissions.
> >
> > Kind regards,
> > Jorick
> >
> >
> > On 07/22/2014 12:16 PM, Oved Ourfali wrote:
> >
> >
> >
> > Setting PowerUser for some user on System or on a DC should be enough to
> > create VMs on it.
> > What error do you get?
> > Can you share your logs?
> >
> > ----- Original Message -----
> >
> >
> >
> > From: "Jorick Astrego" <j.astrego at netbulae.eu> Cc: users at ovirt.org Sent:
> > Tuesday, July 22, 2014 12:26:38 PM
> > Subject: Re: [ovirt-users] user permissions
> >
> > I had it set on the system (with the configure button) and the DC but
> > tried every combination I could think off.
> >
> > Also created a new user type role with all the user permissions selected.
> >
> > Kind regards,
> > Jorick Astrego
> >
> >
> >
> > On 07/22/2014 11:16 AM, Oved Ourfali wrote:
> >
> >
> >
> > On what object did you assign the PowerUser role?
> > A permission consist of user+role+object.
> >
> > ----- Original Message -----
> >
> >
> >
> > From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
> > Tuesday, July 22, 2014 11:43:43 AM
> > Subject: Re: [ovirt-users] user permissions
> >
> > Hi,
> >
> > Sorry let be a bit more clear. I want to have a user that can log into the
> > user portal and create vm's, stop them, add disks etc. But only as a user.
> >
> > I tried the poweruser role and can do all things except creating a new VM.
> > I
> > also want the user to only see and manipulate his own VM's and not the
> > other
> > ones running on the same system.
> >
> > Even with the PowerUser role, I am not able to create a new VM as this
> > user.
> > Also when I edit the built-in PowerUser role, I only see the following
> > rights selected:
> >
> > Login Permissions
> >
> > Template
> >
> > Provisioning Operations
> > Create
> >
> > VM
> >
> >
> > Provisioning Operations
> > Edit properties
> > Create
> >
> > Disk
> >
> > Provisioning Operations
> > Create
> >
> > Everything else is deselected.
> >
> > Kind regards,
> >
> > Jorick Astrego
> > Netbulae
> >
> > On 07/22/2014 10:35 AM, Oved Ourfali wrote:
> >
> >
> >
> > Hi
> >
> > You didn't really specify what you would like to accomplish, and what
> > permissions were granted and on what object.
> > In general, we have two types of roles: User and Admin roles.
> > If a user has any admin role on any object, then he can login to the admin
> > portal.
> > So, as long as you don't assign the user with admin role he will not be
> > able
> > to login to the admin portal.
> >
> > Giving PowerUser role on a DC will allow the user to create VMs and Disks
> > through the user portal.
> > Is that what you would like to accomplish?
> >
> > Oved
> >
> > ----- Original Message -----
> >
> >
> >
> > From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
> > Tuesday, July 22, 2014 11:32:16 AM
> > Subject: [ovirt-users] user permissions
> >
> > Hi,
> >
> > In our 3.4.3 environment I started adding external users (it is
> > connected to a freeipa server) and I'm having some problems setting the
> > correct permissions.
> >
> > When I give all user roles to a user, I cannot create a vm and get an
> > error "User is not authorized to perform this action". I tried setting
> > it on the system level, DC level and cluster level.
> >
> > I needed to give this user an administrator role with only exactly the
> > same vm and disk permissions (nothing extra) and things work ok, but he
> > can now login to the admin portal. So I blocked it with a .htaccess
> > which is not the prettiest solution.
> >
> > Am I doing things wrong?
> >
> > Also the user disappeared from the "System permissions" overview but can
> > still login, which is a bit weird.
> >
> > Kind regards,
> >
> > Jorick Astrego
> > Netbulae
> >
> > _______________________________________________
> > Users mailing list Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > _______________________________________________
> > Users mailing list Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> > _______________________________________________
> > Users mailing list Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list