[ovirt-users] user portal permissions
jeffclay at gmail.com
Wed May 7 15:14:43 UTC 2014
Thanks, that clarifies quite a bit. The permissions are being applied to
"System" for the regular UserRole, but I don't see where to define what
objects the roles are assigned to.
On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo at redhat.com> wrote:
> Hi Jeff
> Roles determine two things:
> 1. What the user can see
> 2. What the user can do
> It is important to know on who is the user, what is the role (UserRole? as
> you also mentioned SuperUser?) and on what object(s) was the role granted
> Assuming it is UserRole, on a specific user, then:
> If on a VM, then the user can see/operate on this VM.
> If on a Cluster, then the user can see/operate on all the VMs in this
> If on a DC, then the user can see/operate on all the VMs in clusters that
> are part of this DC.
> If on System, then the user can see/operate on all the VMs in the system.
> So the hierarchy is System-->DC-->Cluster-->VM.
> I hope this clarifies you question.
> ----- Original Message -----
> > From: "Jeff Clay" <jeffclay at gmail.com>
> > To: users at ovirt.org
> > Sent: Monday, May 5, 2014 10:31:53 PM
> > Subject: [ovirt-users] user portal permissions
> > For some reason, when logged in as a user with a modifed copy role of
> > UserRole (only has login permssion and VM -> Basic Operations -> Remote
> > In permission) the user can see all of the VM's and has the ability to
> > a console, start, shutdown or suspend any of the VM's. I have verified
> > all of the VM's only show the SuperUser role in their permissions. I went
> > through all of the roles and verified that the user is only a member of
> > Copy_of_UserRole. The only thing I can think of is that the user is
> > inheriting permissions from something, but I can't find what it is or
> > Any suggestions?
> > Thanks.
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users