[ovirt-users] user permissions

Oved Ourfali ovedo at redhat.com
Tue Jul 22 09:16:03 UTC 2014 

On what object did you assign the PowerUser role?
A permission consist of user+role+object.

----- Original Message -----
> From: "Jorick Astrego" <j.astrego at netbulae.eu>
> To: users at ovirt.org
> Sent: Tuesday, July 22, 2014 11:43:43 AM
> Subject: Re: [ovirt-users] user permissions
> 
> Hi,
> 
> Sorry let be a bit more clear. I want to have a user that can log into the
> user portal and create vm's, stop them, add disks etc. But only as a user.
> 
> I tried the poweruser role and can do all things except creating a new VM. I
> also want the user to only see and manipulate his own VM's and not the other
> ones running on the same system.
> 
> Even with the PowerUser role, I am not able to create a new VM as this user.
> Also when I edit the built-in PowerUser role, I only see the following
> rights selected:
> 
> Login Permissions
> 
> Template
> 
> Provisioning Operations
> Create
> 
> VM
> 
> 
> Provisioning Operations
> Edit properties
> Create
> 
> Disk
> 
> Provisioning Operations
> Create
> 
> Everything else is deselected.
> 
> Kind regards,
> 
> Jorick Astrego
> Netbulae
> 
> On 07/22/2014 10:35 AM, Oved Ourfali wrote:
> 
> 
> 
> Hi
> 
> You didn't really specify what you would like to accomplish, and what
> permissions were granted and on what object.
> In general, we have two types of roles: User and Admin roles.
> If a user has any admin role on any object, then he can login to the admin
> portal.
> So, as long as you don't assign the user with admin role he will not be able
> to login to the admin portal.
> 
> Giving PowerUser role on a DC will allow the user to create VMs and Disks
> through the user portal.
> Is that what you would like to accomplish?
> 
> Oved
> 
> ----- Original Message -----
> 
> 
> 
> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
> Tuesday, July 22, 2014 11:32:16 AM
> Subject: [ovirt-users] user permissions
> 
> Hi,
> 
> In our 3.4.3 environment I started adding external users (it is
> connected to a freeipa server) and I'm having some problems setting the
> correct permissions.
> 
> When I give all user roles to a user, I cannot create a vm and get an
> error "User is not authorized to perform this action". I tried setting
> it on the system level, DC level and cluster level.
> 
> I needed to give this user an administrator role with only exactly the
> same vm and disk permissions (nothing extra) and things work ok, but he
> can now login to the admin portal. So I blocked it with a .htaccess
> which is not the prettiest solution.
> 
> Am I doing things wrong?
> 
> Also the user disappeared from the "System permissions" overview but can
> still login, which is a bit weird.
> 
> Kind regards,
> 
> Jorick Astrego
> Netbulae
> 
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list