[ovirt-users] user permissions

Oved Ourfali ovedo at redhat.com
Tue Jul 22 11:04:01 UTC 2014 

Please open a bug on that.
But please provide full details, what permissions on what object, and what dialog are you opening, what operation are you trying to do, with the complete logs.

Thanks,
Oved

----- Original Message -----
> From: "Jorick Astrego" <j.astrego at netbulae.eu>
> Cc: users at ovirt.org
> Sent: Tuesday, July 22, 2014 1:57:44 PM
> Subject: Re: [ovirt-users] user permissions
> 
> 
> The only relevant things I see in the log are lots of these:
> 
> 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
> permissions.
> 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
> permissions.
> 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> permissions.
> 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> permissions.
> 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> permissions.
> 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> permissions.
> 
> 2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
> permissions.
> 
> 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> permissions.
> 2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery]
> (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
> permissions.
> 
> Kind regards,
> Jorick
> 
> 
> On 07/22/2014 12:16 PM, Oved Ourfali wrote:
> 
> 
> 
> Setting PowerUser for some user on System or on a DC should be enough to
> create VMs on it.
> What error do you get?
> Can you share your logs?
> 
> ----- Original Message -----
> 
> 
> 
> From: "Jorick Astrego" <j.astrego at netbulae.eu> Cc: users at ovirt.org Sent:
> Tuesday, July 22, 2014 12:26:38 PM
> Subject: Re: [ovirt-users] user permissions
> 
> I had it set on the system (with the configure button) and the DC but
> tried every combination I could think off.
> 
> Also created a new user type role with all the user permissions selected.
> 
> Kind regards,
> Jorick Astrego
> 
> 
> 
> On 07/22/2014 11:16 AM, Oved Ourfali wrote:
> 
> 
> 
> On what object did you assign the PowerUser role?
> A permission consist of user+role+object.
> 
> ----- Original Message -----
> 
> 
> 
> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
> Tuesday, July 22, 2014 11:43:43 AM
> Subject: Re: [ovirt-users] user permissions
> 
> Hi,
> 
> Sorry let be a bit more clear. I want to have a user that can log into the
> user portal and create vm's, stop them, add disks etc. But only as a user.
> 
> I tried the poweruser role and can do all things except creating a new VM.
> I
> also want the user to only see and manipulate his own VM's and not the
> other
> ones running on the same system.
> 
> Even with the PowerUser role, I am not able to create a new VM as this
> user.
> Also when I edit the built-in PowerUser role, I only see the following
> rights selected:
> 
> Login Permissions
> 
> Template
> 
> Provisioning Operations
> Create
> 
> VM
> 
> 
> Provisioning Operations
> Edit properties
> Create
> 
> Disk
> 
> Provisioning Operations
> Create
> 
> Everything else is deselected.
> 
> Kind regards,
> 
> Jorick Astrego
> Netbulae
> 
> On 07/22/2014 10:35 AM, Oved Ourfali wrote:
> 
> 
> 
> Hi
> 
> You didn't really specify what you would like to accomplish, and what
> permissions were granted and on what object.
> In general, we have two types of roles: User and Admin roles.
> If a user has any admin role on any object, then he can login to the admin
> portal.
> So, as long as you don't assign the user with admin role he will not be
> able
> to login to the admin portal.
> 
> Giving PowerUser role on a DC will allow the user to create VMs and Disks
> through the user portal.
> Is that what you would like to accomplish?
> 
> Oved
> 
> ----- Original Message -----
> 
> 
> 
> From: "Jorick Astrego" <j.astrego at netbulae.eu> To: users at ovirt.org Sent:
> Tuesday, July 22, 2014 11:32:16 AM
> Subject: [ovirt-users] user permissions
> 
> Hi,
> 
> In our 3.4.3 environment I started adding external users (it is
> connected to a freeipa server) and I'm having some problems setting the
> correct permissions.
> 
> When I give all user roles to a user, I cannot create a vm and get an
> error "User is not authorized to perform this action". I tried setting
> it on the system level, DC level and cluster level.
> 
> I needed to give this user an administrator role with only exactly the
> same vm and disk permissions (nothing extra) and things work ok, but he
> can now login to the admin portal. So I blocked it with a .htaccess
> which is not the prettiest solution.
> 
> Am I doing things wrong?
> 
> Also the user disappeared from the "System permissions" overview but can
> still login, which is a bit weird.
> 
> Kind regards,
> 
> Jorick Astrego
> Netbulae
> 
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list