[Users] API read-only access / roles

Yair Zaslavsky yzaslavs at redhat.com
Wed Mar 26 08:06:26 EDT 2014



----- Original Message -----
> From: "Itamar Heim" <iheim at redhat.com>
> To: "Sven Kieske" <S.Kieske at mittwald.de>, "Users at ovirt.org List" <Users at ovirt.org>, "Yair Zaslavsky"
> <yzaslavs at redhat.com>
> Sent: Wednesday, March 26, 2014 12:46:28 PM
> Subject: Re: [Users] API read-only access / roles
> 
> On 03/26/2014 06:39 AM, Sven Kieske wrote:
> >
> >
> > Am 26.03.2014 11:21, schrieb Itamar Heim:
> >> On 03/26/2014 06:16 AM, Sven Kieske wrote:
> >>> Hi,
> >>>
> >>> as we now have setup ldap, now the question which
> >>> never got answered in the first place:
> >>>
> >>> 1.
> >>> which rights do I need for read only access?
> >>>
> >>> as stated in BZ just login rights won't suffice.
> >>
> >> an admin role with login? why not?
> >> i thought we even pre-created such a default read only role by now:
> >> Bug 1038222 - [RFE] Read Only Admin role in AP
> >>
> >> (and you can create one yourself in 3.3 as well iirc)
> >>
> > What would happen if I create this user myself
> > and I want to upgrade to 3.4 somewhere in time?
> >
> > My guess would be the upgrade would fail if this
> > user gets added automatically, because it is already
> > there?
> >
> 
> its not a user. its a system defined role.
> you can create a user defined role (with a different name)
> you should do this via the GUI in 3.3, not via the db (then the uuid
> will be different as well, and no upgrade issues)

Regarding your upgrade question -
I would like to add that although we have a hard-coded internal admin user, your "read only" user (that is, a user you assigned the role you created) is not a hard coded one. I don't think we will go for a strategy of adding another "hardcoded" user for read only , so you should not have upgrade issues.

> 


More information about the Users mailing list