[ovirt-users] user portal permissions
jeffclay at gmail.com
Wed May 7 15:22:23 UTC 2014
I figured it out. I was using Configure -> System Permissions to add my
users and assign them to roles. Removing the users from there and adding
them under the Permissions tab on the actual object did what I wanted it to.
On Wed, May 7, 2014 at 10:14 AM, Jeff Clay <jeffclay at gmail.com> wrote:
> Thanks, that clarifies quite a bit. The permissions are being applied to
> "System" for the regular UserRole, but I don't see where to define what
> objects the roles are assigned to.
> On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <ovedo at redhat.com> wrote:
>> Hi Jeff
>> Roles determine two things:
>> 1. What the user can see
>> 2. What the user can do
>> It is important to know on who is the user, what is the role (UserRole?
>> as you also mentioned SuperUser?) and on what object(s) was the role
>> granted on.
>> Assuming it is UserRole, on a specific user, then:
>> If on a VM, then the user can see/operate on this VM.
>> If on a Cluster, then the user can see/operate on all the VMs in this
>> If on a DC, then the user can see/operate on all the VMs in clusters that
>> are part of this DC.
>> If on System, then the user can see/operate on all the VMs in the system.
>> So the hierarchy is System-->DC-->Cluster-->VM.
>> I hope this clarifies you question.
>> ----- Original Message -----
>> > From: "Jeff Clay" <jeffclay at gmail.com>
>> > To: users at ovirt.org
>> > Sent: Monday, May 5, 2014 10:31:53 PM
>> > Subject: [ovirt-users] user portal permissions
>> > For some reason, when logged in as a user with a modifed copy role of
>> > UserRole (only has login permssion and VM -> Basic Operations -> Remote
>> > In permission) the user can see all of the VM's and has the ability to
>> > a console, start, shutdown or suspend any of the VM's. I have verified
>> > all of the VM's only show the SuperUser role in their permissions. I
>> > through all of the roles and verified that the user is only a member of
>> > Copy_of_UserRole. The only thing I can think of is that the user is
>> > inheriting permissions from something, but I can't find what it is or
>> > Any suggestions?
>> > Thanks.
>> > _______________________________________________
>> > Users mailing list
>> > Users at ovirt.org
>> > http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users