[ovirt-users] User permissions

Ondra Machacek omachace at redhat.com
Wed Dec 14 09:32:03 UTC 2016


On Wed, Dec 14, 2016 at 9:54 AM, Michal Skrivanek <
michal.skrivanek at redhat.com> wrote:

>
> On 9 Dec 2016, at 16:53, Bill Bill <jax2568 at outlook.com> wrote:
>
> Hello,
>
> There seems to be an issue with assigning permissions. When creating a
> user, if the user has “create” functionality for a VM, they can also delete
> the VM even if “delete” is not checked. Is this by design or perhaps
> something that was overlooked? Essentially, I want a user that can
> add/modify but not delete.
>
>
> it is probably a bug. worth filing a bug (ovirt-engine, virt)
>

It's not a bug. This is by design. When user has 'create_vm' permission and
he is using
UserPortal or filtered REST API, then he will get UserVmManager permission
on newly created VM
and with this permission you can delete that VM, but not any other vm, only
the one you've created.



> there’s likely no easy workaround…you can try to create your own role with
> only the create permission, but…unlikely
>
> Thanks,
> michal
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.phx.ovirt.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.phx.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161214/ede4b9b8/attachment-0001.html>


More information about the Users mailing list