[ovirt-users] user portal permissions

Jeff Clay jeffclay at gmail.com
Wed May 7 15:22:23 UTC 2014


I figured it out. I was using Configure -> System Permissions to add my
users and assign them to roles. Removing the users from there and adding
them under the Permissions tab on the actual object did what I wanted it to.


On Wed, May 7, 2014 at 10:14 AM, Jeff Clay <jeffclay at gmail.com> wrote:

> Thanks, that clarifies quite a bit. The permissions are being applied to
> "System" for the regular UserRole, but I don't see where to define what
> objects the roles are assigned to.
>
>
> On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo at redhat.com> wrote:
>
>> Hi Jeff
>>
>> Roles determine two things:
>> 1. What the user can see
>> 2. What the user can do
>>
>> It is important to know on who is the user, what is the role (UserRole?
>> as you also mentioned SuperUser?) and on what object(s) was the role
>> granted on.
>> Assuming it is UserRole, on a specific user, then:
>> If on a VM, then the user can see/operate on this VM.
>> If on a Cluster, then the user can see/operate on all the VMs in this
>> cluster.
>> If on a DC, then the user can see/operate on all the VMs in clusters that
>> are part of this DC.
>> If on System, then the user can see/operate on all the VMs in the system.
>>
>> So the hierarchy is System-->DC-->Cluster-->VM.
>> I hope this clarifies you question.
>>
>> Regards,
>> Oved
>>
>>
>> ----- Original Message -----
>> > From: "Jeff Clay" <jeffclay at gmail.com>
>> > To: users at ovirt.org
>> > Sent: Monday, May 5, 2014 10:31:53 PM
>> > Subject: [ovirt-users] user portal permissions
>> >
>> > For some reason, when logged in as a user with a modifed copy role of
>> > UserRole (only has login permssion and VM -> Basic Operations -> Remote
>> Log
>> > In permission) the user can see all of the VM's and has the ability to
>> open
>> > a console, start, shutdown or suspend any of the VM's. I have verified
>> that
>> > all of the VM's only show the SuperUser role in their permissions. I
>> went
>> > through all of the roles and verified that the user is only a member of
>> the
>> > Copy_of_UserRole. The only thing I can think of is that the user is
>> > inheriting permissions from something, but I can't find what it is or
>> where.
>> > Any suggestions?
>> >
>> > Thanks.
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at ovirt.org
>> > http://lists.ovirt.org/mailman/listinfo/users
>> >
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140507/6d981d4c/attachment-0001.html>


More information about the Users mailing list