[ovirt-users] user permissions

Thu Jan 11 03:19:29 UTC 2018

according to the description of this article:
https://gerrit.ovirt.org/#/c/74173/

Changed the value of property 'ENGINE_API_FILTER_BY_DEFAULT' to
false,but it still did not work.BTW. My Ovirt is 4.2.0.2-1

thanks.

2018-01-11 10:57 GMT+08:00 Zhong Qiang <xiaoqiang3243 at gmail.com>:

> Hi,
>
>    I tried to give a user the permissions for  vms. when this user log in
> vm portal ,get  messages  "No VM available."
>  this user was granted follow roles:
>    UserVmManager
>    UserRole
>
>  engine logs:
>  2018-01-10 20:32:33,938-05 INFO  [org.ovirt.engine.core.bll.AddPermissionCommand]
> (EE-ManagedThreadFactory-engine-Thread-7438) [9b5a405a-c956-4d69-b286-f6b22cbf3c12]
> Running command: AddPermissionCommand internal: false. Entities affected :
> ID: 1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group
> MANIPULATE_PERMISSIONS with role type USER,  ID: 1cf75959-7992-43fe-a1f7-ed6c0c48fd35
> Type: VMAction group
>  ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER
> 2018-01-10 20:32:33,944-05 INFO  [org.ovirt.engine.core.bll.aaa.AddUserCommand]
> (EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] Running command:
> AddUserCommand internal: true. Entities affected :
> ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group
> MANIPULATE_USERS with role type ADMIN
> 2018-01-10 20:32:33,981-05 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-7438)
> [787deac0] EVENT_ID: USER_ADD(149), User 'zhongq at ctcnet.com' was added
> successfully to the system.
> 2018-01-10 20:32:34,036-05 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engine-Thread-7438)
> [787deac0] EVENT_ID: USER_ADD_PERMISSION(850), User/Group
> zhongq at ctcnet.com, Namespace DC=ctcnet,DC=com, Authorization provider:
> ctcnet.com-authz was granted permission for Role UserRole on VM
> ubuntu16.04-64, by admin at internal-authz.
>
>
> 2018-01-10 20:38:06,263-05 INFO  [org.ovirt.engine.core.sso.utils.AuthenticationUtils]
> (default task-4) [] User zhongq at ctcnet.com successfully logged in with
> scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal
> ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
> ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
> ovirt-ext=token-info:validate ovirt-ext=token:passwor
> d-access
> 2018-01-10 20:38:06,301-05 INFO  [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand]
> (default task-5) [2a6c3d14] Running command: CreateUserSessionCommand
> internal: false.
> 2018-01-10 20:38:06,338-05 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] (default task-5) [2a6c3d14]
> EVENT_ID: USER_VDC_LOGIN(30), User zhongq at ctcnet.com@ctcnet.com-authz
> connecting from '10.10.19.228' using session 'z0/9HgB4mjzfDnIN4P/
> fe4A3fzwWIWWcR9xKDvsI/XXgHZApjRp1BCufgtSK6n3kvA/ScdP4qqGqiX01lyJHSQ=='
> logged in.
> 2018-01-10 20:38:06,956-05 ERROR [org.ovirt.engine.core.bll.GetSystemStatisticsQuery]
> (default task-14) [06c80cc6-ad15-4d82-a907-21ab9a5c1cc4] Query execution
> failed due to insufficient permissions.
> 2018-01-10 20:38:07,044-05 ERROR [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery]
> (default task-20) [1b7a6564-534d-4df5-a2b7-52da214b95cd] Query execution
> failed due to insufficient permissions.
> 2018-01-10 20:38:07,045-05 ERROR [org.ovirt.engine.api.restapi.resource.AbstractBackendResource]
> (default task-20) [] Operation Failed: query execution failed due to
> insufficient permissions.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180111/1618de76/attachment.html>