[ovirt-users] user portal permissions

Oved Ourfalli ovedo at redhat.com
Wed May 7 07:28:58 UTC 2014


Hi Jeff

Roles determine two things:
1. What the user can see
2. What the user can do

It is important to know on who is the user, what is the role (UserRole? as you also mentioned SuperUser?) and on what object(s) was the role granted on.
Assuming it is UserRole, on a specific user, then:
If on a VM, then the user can see/operate on this VM.
If on a Cluster, then the user can see/operate on all the VMs in this cluster.
If on a DC, then the user can see/operate on all the VMs in clusters that are part of this DC.
If on System, then the user can see/operate on all the VMs in the system.

So the hierarchy is System-->DC-->Cluster-->VM.
I hope this clarifies you question.

Regards,
Oved


----- Original Message -----
> From: "Jeff Clay" <jeffclay at gmail.com>
> To: users at ovirt.org
> Sent: Monday, May 5, 2014 10:31:53 PM
> Subject: [ovirt-users] user portal permissions
> 
> For some reason, when logged in as a user with a modifed copy role of
> UserRole (only has login permssion and VM -> Basic Operations -> Remote Log
> In permission) the user can see all of the VM's and has the ability to open
> a console, start, shutdown or suspend any of the VM's. I have verified that
> all of the VM's only show the SuperUser role in their permissions. I went
> through all of the roles and verified that the user is only a member of the
> Copy_of_UserRole. The only thing I can think of is that the user is
> inheriting permissions from something, but I can't find what it is or where.
> Any suggestions?
> 
> Thanks.
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 



More information about the Users mailing list