[ovirt-users] User with SuperAdmin Role has not MANIPULATE_STORAGE_DOMAIN

Thu Feb 18 12:41:19 UTC 2016

Le mercredi 13 janvier 2016 à 14:37 +0100, Kevin C a écrit :
> 
> Le 12/01/2016 16:57, Maor Lipchuk a écrit :
> > ----- Original Message -----
> > > From: "Kevin COUSIN" <kevin at famillecousin.fr>
> > > To: "Maor Lipchuk" <mlipchuk at redhat.com>
> > > Cc: "users" <users at ovirt.org>, "Oved Ourfali" <oourfali at redhat.co
> > > m>
> > > Sent: Tuesday, January 12, 2016 5:06:22 PM
> > > Subject: Re: [ovirt-users] User with SuperAdmin Role has not
> > > MANIPULATE_STORAGE_DOMAIN
> > > 
> > > I set SuperAdmin Role on a group.
> > > It dosen't work with StorageAdmin role.
> > > I can't add set roles with my directory account, I need to use ad
> > > min at internal
> > > account.
> > 
> > Which DC are you trying to attach the Storage Domain?
> 
> I try to attach the Storage Domain to the Default DC (I have only one
> DC).
> 
> >  From the attached print screens it looks like the DC you have
> > permissions on are infra and local.
> infra.local is our AD realm.
> 
> > Also, Which oVirt version are you using?
> I am using oVirt 3.6.1.
> 
> > If it is possible can you please send print screens with the
> > permissions of the user and the permissions on the Data Center?
> You have print screens attached but I think you're right. I set roles
> on 
> a group, and I can see my user has not Admin role defined desipte my 
> user is on the group (I can login with this user, create VM...).
> 
I confirm. If I set SuperAdmin role on user, I can attach my storage.
Roles can not be applied from groups from my users are ?

Regards


> > 
> > Thanks,
> > Maor
> Regards,
> 
> Kevin C
> 
> > 
> > > ------------------------
> > > 
> > >         COUSIN Kevin
> > > 
> > > ----- Mail original -----
> > > > De: "Maor Lipchuk" <mlipchuk at redhat.com>
> > > > À: "Kevin C" <kevin at famillecousin.fr>
> > > > Cc: "users" <users at ovirt.org>, "Oved Ourfali" <oourfali at redhat.
> > > > com>
> > > > Envoyé: Mardi 12 Janvier 2016 13:57:16
> > > > Objet: Re: [ovirt-users] User with SuperAdmin Role has not
> > > > MANIPULATE_STORAGE_DOMAIN
> > > > ----- Original Message -----
> > > > > From: "Kevin C" <kevin at famillecousin.fr>
> > > > > To: "Maor Lipchuk" <mlipchuk at redhat.com>
> > > > > Cc: "users" <users at ovirt.org>, "Oved Ourfali" <oourfali at redha
> > > > > t.com>
> > > > > Sent: Monday, January 11, 2016 11:04:11 AM
> > > > > Subject: Re: [ovirt-users] User with SuperAdmin Role has not
> > > > > MANIPULATE_STORAGE_DOMAIN
> > > > > 
> > > > > 
> > > > > 
> > > > > Le 09/01/2016 16:09, Maor Lipchuk a écrit :
> > > > > > Hi Kevin,
> > > > > > 
> > > > > > Does it still reproduce after the permissions were set?
> > > > > > 
> > > > > > Regards,
> > > > > > Maor
> > > > > > 
> > > > > Hi Maor,
> > > > > 
> > > > > Yes it does, I just try it with another Domain.
> > > > > 
> > > > > Regards
> > > > 
> > > > Which role have you added to your user? Can u please try to
> > > > edit the role
> > > > which
> > > > you have added to your user, does the role "Configure Storage
> > > > Domain" is
> > > > marked
> > > > (See attached screenshot).
> > > > Can you please try to add to the user the role StorageAdmin
> > > > (See second
> > > > attached
> > > > screenshot)
> > > > 
> > > > Regards,
> > > > Maor
> > > > 
> > > > > ---
> > > > > 
> > > > > Kevin C
> > > > > 
> > > > > 
> > > > > > ----- Original Message -----
> > > > > > > From: "Oved Ourfali" <oourfali at redhat.com>
> > > > > > > To: "Kevin C" <kevin at famillecousin.fr>
> > > > > > > Cc: "users" <users at ovirt.org>
> > > > > > > Sent: Friday, January 8, 2016 1:20:53 PM
> > > > > > > Subject: Re: [ovirt-users] User with SuperAdmin Role has
> > > > > > > not
> > > > > > > 	MANIPULATE_STORAGE_DOMAIN
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > CC-ing someone from the storage team to take a look.
> > > > > > > On Jan 7, 2016 6:43 PM, "Kevin C" < kevin at famillecousin.f
> > > > > > > r > wrote:
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Hi,
> > > > > > > 
> > > > > > > I set it on "system" level, on right upper side.
> > > > > > > 
> > > > > > > Regards,
> > > > > > > 
> > > > > > > Le 07/01/2016 17:39, Oved Ourfali a écrit :
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Permissions in ovirt are composed of the role,
> > > > > > > user/group, and object.
> > > > > > > 
> > > > > > > I guess you refer to the SuperUser role. Question is what
> > > > > > > object you've
> > > > > > > granted it on.
> > > > > > > 
> > > > > > > In order to have a permission on "system" level, you gave
> > > > > > > to go to the
> > > > > > > configure dialog (see right upper side of your screen).
> > > > > > > 
> > > > > > > Regards,
> > > > > > > Oved Ourfali
> > > > > > > Hi list,
> > > > > > > 
> > > > > > > I set the SuperAdmin Role on a AD group. I use my account
> > > > > > > in this group
> > > > > > > to
> > > > > > > use oVirt. I try today to add an Export Domain but I
> > > > > > > failed with this
> > > > > > > error
> > > > > > > in log :
> > > > > > > 
> > > > > > > 2016-01-07 16:46:28,883 INFO
> > > > > > > [org.ovirt.engine.core.bll.storage.AttachStorageDomainToP
> > > > > > > oolCommand]
> > > > > > > (default task-1) [68d5410a] No permission found for user
> > > > > > > '8ac67747-110c-4125-86f1-1f52ca0e7705' or one of the
> > > > > > > groups he is
> > > > > > > member
> > > > > > > of,
> > > > > > > when running action 'AttachStorageDomainToPool', Required
> > > > > > > permissions
> > > > > > > are:
> > > > > > > Action type: 'ADMIN' Action group:
> > > > > > > 'MANIPULATE_STORAGE_DOMAIN' Object
> > > > > > > type:
> > > > > > > 'Storage' Object ID: 'c7dee64d-a27e-446e-8656-
> > > > > > > cef2d8ea42a6'.
> > > > > > > 
> > > > > > > 
> > > > > > > Where can I set the good permission ?
> > > > > > > 
> > > > > > > Thanks a lot
> > > > > > > ---
> > > > > > > Kevin C
> > > > > > > _______________________________________________
> > > > > > > Users mailing list
> > > > > > > Users at ovirt.org
> > > > > > > http://lists.ovirt.org/mailman/listinfo/users
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > _______________________________________________
> > > > > > > Users mailing list
> > > > > > > Users at ovirt.org
> > > > > > > http://lists.ovirt.org/mailman/listinfo/users
> > > > > > > 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5772 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20160218/de2e3f73/attachment-0001.bin>