[ovirt-users] user permissions
Jorick Astrego
j.astrego at netbulae.eu
Tue Jul 22 10:57:44 UTC 2014
The only relevant things I see in the log are lots of these:
2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
permissions.
2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
permissions.
2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
permissions.
2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
permissions.
2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
permissions.
2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
permissions.
2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
permissions.
2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
permissions.
2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
permissions.
2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
permissions.
2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
permissions.
2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
permissions.
2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
permissions.
2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
permissions.
2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
permissions.
2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
permissions.
2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
permissions.
2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
permissions.
2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
permissions.
2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery]
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
permissions.
Kind regards,
Jorick
On 07/22/2014 12:16 PM, Oved Ourfali wrote:
> Setting PowerUser for some user on System or on a DC should be enough to create VMs on it.
> What error do you get?
> Can you share your logs?
>
> ----- Original Message -----
>> From: "Jorick Astrego" <j.astrego at netbulae.eu>
>> Cc: users at ovirt.org
>> Sent: Tuesday, July 22, 2014 12:26:38 PM
>> Subject: Re: [ovirt-users] user permissions
>>
>> I had it set on the system (with the configure button) and the DC but
>> tried every combination I could think off.
>>
>> Also created a new user type role with all the user permissions selected.
>>
>> Kind regards,
>> Jorick Astrego
>>
>>
>>
>> On 07/22/2014 11:16 AM, Oved Ourfali wrote:
>>> On what object did you assign the PowerUser role?
>>> A permission consist of user+role+object.
>>>
>>> ----- Original Message -----
>>>> From: "Jorick Astrego" <j.astrego at netbulae.eu>
>>>> To: users at ovirt.org
>>>> Sent: Tuesday, July 22, 2014 11:43:43 AM
>>>> Subject: Re: [ovirt-users] user permissions
>>>>
>>>> Hi,
>>>>
>>>> Sorry let be a bit more clear. I want to have a user that can log into the
>>>> user portal and create vm's, stop them, add disks etc. But only as a user.
>>>>
>>>> I tried the poweruser role and can do all things except creating a new VM.
>>>> I
>>>> also want the user to only see and manipulate his own VM's and not the
>>>> other
>>>> ones running on the same system.
>>>>
>>>> Even with the PowerUser role, I am not able to create a new VM as this
>>>> user.
>>>> Also when I edit the built-in PowerUser role, I only see the following
>>>> rights selected:
>>>>
>>>> Login Permissions
>>>>
>>>> Template
>>>>
>>>> Provisioning Operations
>>>> Create
>>>>
>>>> VM
>>>>
>>>>
>>>> Provisioning Operations
>>>> Edit properties
>>>> Create
>>>>
>>>> Disk
>>>>
>>>> Provisioning Operations
>>>> Create
>>>>
>>>> Everything else is deselected.
>>>>
>>>> Kind regards,
>>>>
>>>> Jorick Astrego
>>>> Netbulae
>>>>
>>>> On 07/22/2014 10:35 AM, Oved Ourfali wrote:
>>>>
>>>>
>>>>
>>>> Hi
>>>>
>>>> You didn't really specify what you would like to accomplish, and what
>>>> permissions were granted and on what object.
>>>> In general, we have two types of roles: User and Admin roles.
>>>> If a user has any admin role on any object, then he can login to the admin
>>>> portal.
>>>> So, as long as you don't assign the user with admin role he will not be
>>>> able
>>>> to login to the admin portal.
>>>>
>>>> Giving PowerUser role on a DC will allow the user to create VMs and Disks
>>>> through the user portal.
>>>> Is that what you would like to accomplish?
>>>>
>>>> Oved
>>>>
>>>> ----- Original Message -----
>>>>
>>>>
>>>>
>>>> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
>>>> Tuesday, July 22, 2014 11:32:16 AM
>>>> Subject: [ovirt-users] user permissions
>>>>
>>>> Hi,
>>>>
>>>> In our 3.4.3 environment I started adding external users (it is
>>>> connected to a freeipa server) and I'm having some problems setting the
>>>> correct permissions.
>>>>
>>>> When I give all user roles to a user, I cannot create a vm and get an
>>>> error "User is not authorized to perform this action". I tried setting
>>>> it on the system level, DC level and cluster level.
>>>>
>>>> I needed to give this user an administrator role with only exactly the
>>>> same vm and disk permissions (nothing extra) and things work ok, but he
>>>> can now login to the admin portal. So I blocked it with a .htaccess
>>>> which is not the prettiest solution.
>>>>
>>>> Am I doing things wrong?
>>>>
>>>> Also the user disappeared from the "System permissions" overview but can
>>>> still login, which is a bit weird.
>>>>
>>>> Kind regards,
>>>>
>>>> Jorick Astrego
>>>> Netbulae
>>>>
>>>> _______________________________________________
>>>> Users mailing list Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140722/2db461da/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iebdcbdj.png
Type: image/png
Size: 12519 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140722/2db461da/attachment-0001.png>
More information about the Users
mailing list