[ovirt-users] user portal permissions

Jeff Clay jeffclay at gmail.com
Wed May 7 15:14:43 UTC 2014


Thanks, that clarifies quite a bit. The permissions are being applied to
"System" for the regular UserRole, but I don't see where to define what
objects the roles are assigned to.


On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo at redhat.com> wrote:

> Hi Jeff
>
> Roles determine two things:
> 1. What the user can see
> 2. What the user can do
>
> It is important to know on who is the user, what is the role (UserRole? as
> you also mentioned SuperUser?) and on what object(s) was the role granted
> on.
> Assuming it is UserRole, on a specific user, then:
> If on a VM, then the user can see/operate on this VM.
> If on a Cluster, then the user can see/operate on all the VMs in this
> cluster.
> If on a DC, then the user can see/operate on all the VMs in clusters that
> are part of this DC.
> If on System, then the user can see/operate on all the VMs in the system.
>
> So the hierarchy is System-->DC-->Cluster-->VM.
> I hope this clarifies you question.
>
> Regards,
> Oved
>
>
> ----- Original Message -----
> > From: "Jeff Clay" <jeffclay at gmail.com>
> > To: users at ovirt.org
> > Sent: Monday, May 5, 2014 10:31:53 PM
> > Subject: [ovirt-users] user portal permissions
> >
> > For some reason, when logged in as a user with a modifed copy role of
> > UserRole (only has login permssion and VM -> Basic Operations -> Remote
> Log
> > In permission) the user can see all of the VM's and has the ability to
> open
> > a console, start, shutdown or suspend any of the VM's. I have verified
> that
> > all of the VM's only show the SuperUser role in their permissions. I went
> > through all of the roles and verified that the user is only a member of
> the
> > Copy_of_UserRole. The only thing I can think of is that the user is
> > inheriting permissions from something, but I can't find what it is or
> where.
> > Any suggestions?
> >
> > Thanks.
> >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140507/35df7cfd/attachment-0001.html>


More information about the Users mailing list