[ovirt-users] User with SuperAdmin Role has not MANIPULATE_STORAGE_DOMAIN

Tue Jan 12 15:57:09 UTC 2016

----- Original Message -----
> From: "Kevin COUSIN" <kevin at famillecousin.fr>
> To: "Maor Lipchuk" <mlipchuk at redhat.com>
> Cc: "users" <users at ovirt.org>, "Oved Ourfali" <oourfali at redhat.com>
> Sent: Tuesday, January 12, 2016 5:06:22 PM
> Subject: Re: [ovirt-users] User with SuperAdmin Role has not MANIPULATE_STORAGE_DOMAIN
> 
> I set SuperAdmin Role on a group.
> It dosen't work with StorageAdmin role.
> I can't add set roles with my directory account, I need to use admin at internal
> account.


Which DC are you trying to attach the Storage Domain?
>From the attached print screens it looks like the DC you have permissions on are infra and local.
Also, Which oVirt version are you using?
If it is possible can you please send print screens with the permissions of the user and the permissions on the Data Center?

Thanks,
Maor


> 
> ------------------------
> 
>        COUSIN Kevin
> 
> ----- Mail original -----
> > De: "Maor Lipchuk" <mlipchuk at redhat.com>
> > À: "Kevin C" <kevin at famillecousin.fr>
> > Cc: "users" <users at ovirt.org>, "Oved Ourfali" <oourfali at redhat.com>
> > Envoyé: Mardi 12 Janvier 2016 13:57:16
> > Objet: Re: [ovirt-users] User with SuperAdmin Role has not
> > MANIPULATE_STORAGE_DOMAIN
> 
> > ----- Original Message -----
> >> From: "Kevin C" <kevin at famillecousin.fr>
> >> To: "Maor Lipchuk" <mlipchuk at redhat.com>
> >> Cc: "users" <users at ovirt.org>, "Oved Ourfali" <oourfali at redhat.com>
> >> Sent: Monday, January 11, 2016 11:04:11 AM
> >> Subject: Re: [ovirt-users] User with SuperAdmin Role has not
> >> MANIPULATE_STORAGE_DOMAIN
> >> 
> >> 
> >> 
> >> Le 09/01/2016 16:09, Maor Lipchuk a écrit :
> >> > Hi Kevin,
> >> >
> >> > Does it still reproduce after the permissions were set?
> >> >
> >> > Regards,
> >> > Maor
> >> >
> >> Hi Maor,
> >> 
> >> Yes it does, I just try it with another Domain.
> >> 
> >> Regards
> > 
> > 
> > Which role have you added to your user? Can u please try to edit the role
> > which
> > you have added to your user, does the role "Configure Storage Domain" is
> > marked
> > (See attached screenshot).
> > Can you please try to add to the user the role StorageAdmin (See second
> > attached
> > screenshot)
> > 
> > Regards,
> > Maor
> > 
> >> 
> >> ---
> >> 
> >> Kevin C
> >> 
> >> 
> >> > ----- Original Message -----
> >> >> From: "Oved Ourfali" <oourfali at redhat.com>
> >> >> To: "Kevin C" <kevin at famillecousin.fr>
> >> >> Cc: "users" <users at ovirt.org>
> >> >> Sent: Friday, January 8, 2016 1:20:53 PM
> >> >> Subject: Re: [ovirt-users] User with SuperAdmin Role has not
> >> >> 	MANIPULATE_STORAGE_DOMAIN
> >> >>
> >> >>
> >> >>
> >> >> CC-ing someone from the storage team to take a look.
> >> >> On Jan 7, 2016 6:43 PM, "Kevin C" < kevin at famillecousin.fr > wrote:
> >> >>
> >> >>
> >> >>
> >> >> Hi,
> >> >>
> >> >> I set it on "system" level, on right upper side.
> >> >>
> >> >> Regards,
> >> >>
> >> >> Le 07/01/2016 17:39, Oved Ourfali a écrit :
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Permissions in ovirt are composed of the role, user/group, and object.
> >> >>
> >> >> I guess you refer to the SuperUser role. Question is what object you've
> >> >> granted it on.
> >> >>
> >> >> In order to have a permission on "system" level, you gave to go to the
> >> >> configure dialog (see right upper side of your screen).
> >> >>
> >> >> Regards,
> >> >> Oved Ourfali
> >> >> Hi list,
> >> >>
> >> >> I set the SuperAdmin Role on a AD group. I use my account in this group
> >> >> to
> >> >> use oVirt. I try today to add an Export Domain but I failed with this
> >> >> error
> >> >> in log :
> >> >>
> >> >> 2016-01-07 16:46:28,883 INFO
> >> >> [org.ovirt.engine.core.bll.storage.AttachStorageDomainToPoolCommand]
> >> >> (default task-1) [68d5410a] No permission found for user
> >> >> '8ac67747-110c-4125-86f1-1f52ca0e7705' or one of the groups he is
> >> >> member
> >> >> of,
> >> >> when running action 'AttachStorageDomainToPool', Required permissions
> >> >> are:
> >> >> Action type: 'ADMIN' Action group: 'MANIPULATE_STORAGE_DOMAIN' Object
> >> >> type:
> >> >> 'Storage' Object ID: 'c7dee64d-a27e-446e-8656-cef2d8ea42a6'.
> >> >>
> >> >>
> >> >> Where can I set the good permission ?
> >> >>
> >> >> Thanks a lot
> >> >> ---
> >> >> Kevin C
> >> >> _______________________________________________
> >> >> Users mailing list
> >> >> Users at ovirt.org
> >> >> http://lists.ovirt.org/mailman/listinfo/users
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> Users mailing list
> >> >> Users at ovirt.org
> >> >> http://lists.ovirt.org/mailman/listinfo/users
> >> >>
> >> 
>