[ovirt-users] user permissions
Oved Ourfali
ovedo at redhat.com
Tue Jul 22 09:16:03 UTC 2014
On what object did you assign the PowerUser role?
A permission consist of user+role+object.
----- Original Message -----
> From: "Jorick Astrego" <j.astrego at netbulae.eu>
> To: users at ovirt.org
> Sent: Tuesday, July 22, 2014 11:43:43 AM
> Subject: Re: [ovirt-users] user permissions
>
> Hi,
>
> Sorry let be a bit more clear. I want to have a user that can log into the
> user portal and create vm's, stop them, add disks etc. But only as a user.
>
> I tried the poweruser role and can do all things except creating a new VM. I
> also want the user to only see and manipulate his own VM's and not the other
> ones running on the same system.
>
> Even with the PowerUser role, I am not able to create a new VM as this user.
> Also when I edit the built-in PowerUser role, I only see the following
> rights selected:
>
> Login Permissions
>
> Template
>
> Provisioning Operations
> Create
>
> VM
>
>
> Provisioning Operations
> Edit properties
> Create
>
> Disk
>
> Provisioning Operations
> Create
>
> Everything else is deselected.
>
> Kind regards,
>
> Jorick Astrego
> Netbulae
>
> On 07/22/2014 10:35 AM, Oved Ourfali wrote:
>
>
>
> Hi
>
> You didn't really specify what you would like to accomplish, and what
> permissions were granted and on what object.
> In general, we have two types of roles: User and Admin roles.
> If a user has any admin role on any object, then he can login to the admin
> portal.
> So, as long as you don't assign the user with admin role he will not be able
> to login to the admin portal.
>
> Giving PowerUser role on a DC will allow the user to create VMs and Disks
> through the user portal.
> Is that what you would like to accomplish?
>
> Oved
>
> ----- Original Message -----
>
>
>
> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
> Tuesday, July 22, 2014 11:32:16 AM
> Subject: [ovirt-users] user permissions
>
> Hi,
>
> In our 3.4.3 environment I started adding external users (it is
> connected to a freeipa server) and I'm having some problems setting the
> correct permissions.
>
> When I give all user roles to a user, I cannot create a vm and get an
> error "User is not authorized to perform this action". I tried setting
> it on the system level, DC level and cluster level.
>
> I needed to give this user an administrator role with only exactly the
> same vm and disk permissions (nothing extra) and things work ok, but he
> can now login to the admin portal. So I blocked it with a .htaccess
> which is not the prettiest solution.
>
> Am I doing things wrong?
>
> Also the user disappeared from the "System permissions" overview but can
> still login, which is a bit weird.
>
> Kind regards,
>
> Jorick Astrego
> Netbulae
>
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list