[ovirt-users] extra permissions required to start VM via ovirt-shell?
Derek Atkins
derek at ihtfp.com
Thu Nov 10 14:26:51 UTC 2016
Awesome. Thank you. This solved the problem.
Looking with 20/20 hindsight, then --help output says this:
-F, --filter enables user permission based filtering
However as a n00b I would suggest that this is not sufficient to have
figured out the error. From the documentation it's totally unclear the
difference between Admin:VM -> Basic Operations -> Run VM and User:VM ->
Basic Operations -> Run VM. It's unclear from the Role Definition UI, and
it's unclear from the Administration Guide.
One would think that a permission is a permission. Anyways, thank you for
clearing this up. Hopefully this exchange will help the next person that
comes along trying to figure it all out.
Thank you!
-derek
On Thu, November 10, 2016 2:57 am, Ondra Machacek wrote:
> Hello,
>
> when using user roles (not admin ones) you have to use filter
> parameter. So you need to start the ovirt-shell similar to this:
>
> $ ovirt-shell --filter --username=... --url=... --ca-file=...
>
> On 11/09/2016 10:49 PM, Derek Atkins wrote:
>> Hi,
>>
>> I created a user and a new user role, VmStarter, that has two
>> permissions:
>> System -> Configure System -> Login Permissions
>> VM -> Basic Operations -> Run VM
>>
>> I assigned this new user to this role at the data center.
>>
>> If I login to the user portal with this user I get a screen with all
>> my VMs, and if a VM is down I can click on the "run" button and it will
>> start. If a machine is running I cannot click on the stop button (well,
>> I can, but I get a permission denied error, which is expected). So it
>> sounds like everything is working.
>>
>> Now I want to use ovirt-shell to do the same thing. I can login just
>> fine using this user's credentials, and I get connected. However when I
>> execute the command to start a VM:
>>
>> [oVirt shell (connected)]# action vm vm-0 start
>>
>> I get this error:
>>
>> ==================================== ERROR
>> =================================
>> status: 400
>> reason: Bad Request
>> detail: query execution failed due to insufficient permissions.
>> ============================================================================
>>
>> This seems to imply I'm missing a permission. But I have no idea what
>> permission I'm missing. I haven't found anything in the engine log that
>> would help me.
>>
>> Any ideas what's wrong and (more importantly) how to fix it?
>>
>> Thanks,
>>
>> -derek
>>
>
--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
More information about the Users
mailing list