<div dir="ltr"><div><div>That&#39;s right I remove internal properties :/<br><br></div>This is the output of the commands:<br><br><b>/usr/share/ovirt-engine/bin/o</b><b>virt-engine-role.sh --command=add --user-name=admin --authz-name=internal-authz --role=SuperUser<br><br></b></div><b>Output:<br></b><div><br>FATAL: Please specify provider namespace<br><br><div><div><b>su - postgres -c &quot;psql -t engine -c \&quot;select * from users;\&quot;&quot;<br><br></b></div><div><b>Output:</b> <br></div><div><br>fdfc627c-d875-11e0-90f0-83df133b58cc | admin  |               | internal             | admin    |            |                         |      | t                       | fdfc627c-d875-11e0-90f0-83df133b58cc | 2015-09-19 21:38:44.838161-<br>05 | 2016-06-18 20:42:18.883738-05 | *<br> 16f666bb-b4c8-44c9-8264-30c3aff63a6e |        | Administrator | <a href="http://udistritaloas.edu.co">udistritaloas.edu.co</a> | admin    |            |                         |      | f                       | 41cd26a2-0e0a-11e6-aa00-001a4a160159 | 2016-06-19 11:53:39.249812-<br>05 | 2016-06-19 12:24:41.590162-05 | *<br> c01c263a-78c5-4524-a94e-c9aa38141ea9 | Julian | Tete          | internal-authz       | julian   |            | <a href="mailto:danteconrad14@gmail.com">danteconrad14@gmail.com</a> |      | f                       | 1ad3dc19-b15a-493c-9610-2ccdd0dac6af | 2016-06-20 11:22:56.483292-<br>05 | 2016-06-20 11:23:19.261686-05 | *<br> 7f300f43-9972-4c0e-bfa9-e86df6f1659f | admin  |               | internal-authz       | admin    |            |                         |      | f                       | fdfc627c-d875-11e0-90f0-83df133b58cc | 2016-06-19 11:43:51.644981-<br>05 | 2016-06-20 16:06:49.138862-05 | *<br><b><br>su - postgres -c &quot;psql -t engine -c \&quot;select * from permissions;\&quot;&quot;<br><br></b></div><div><b>Otput:<br></b></div><div><br> 00000004-0004-0004-0004-00000000025e | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000000-0000-0000-0000-000000000000 |              4 |    1447535033<br> 0000000f-000f-000f-000f-000000000293 | def0000a-0000-0000-0000-def000000010 | eee00000-0000-0000-0000-123456789eee | 0000000e-000e-000e-000e-0000000002d6 |             27 |    1447535033<br> 00000003-0003-0003-0003-00000000009c | 00000000-0000-0000-0000-000000000001 | fdfc627c-d875-11e0-90f0-83df133b58cc | aaa00000-0000-0000-0000-123456789aaa |              1 |    1447535033<br> 00000006-0006-0006-0006-0000000000e3 | 00000000-0000-0000-0001-000000000002 | fdfc627c-d875-11e0-90f0-83df133b58cc | aaa00000-0000-0000-0000-123456789aaa |              1 |    1447535033<br> 00000011-0011-0011-0011-0000000002a9 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000010-0010-0010-0010-0000000001d1 |              4 |    1447535033<br> 00000013-0013-0013-0013-00000000031e | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000012-0012-0012-0012-0000000001c6 |              4 |    1447535033<br> 00000015-0015-0015-0015-0000000003b8 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000014-0014-0014-0014-0000000002fd |              4 |    1447535033<br> 00000017-0017-0017-0017-000000000388 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000016-0016-0016-0016-0000000002b0 |              4 |    1447535033<br> 00000019-0019-0019-0019-0000000003d5 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 00000018-0018-0018-0018-000000000314 |              4 |    1447535033<br> 00000027-0027-0027-0027-00000000027e | def00021-0000-0000-0000-def000000015 | eee00000-0000-0000-0000-123456789eee | aaa00000-0000-0000-0000-123456789aaa |              1 |    1447535037<br> 7a3917ea-b2df-444f-938c-f768feeaee04 | def00009-0000-0000-0000-def000000009 | eee00000-0000-0000-0000-123456789eee | 8fa947f7-c698-4661-aea4-a093bbd0ba0b |              4 |    1457665842<br> e8abc833-b860-451c-b580-780c7d1049d4 | def0000a-0000-0000-0000-def00000000f | fdfc627c-d875-11e0-90f0-83df133b58cc | 8fa947f7-c698-4661-aea4-a093bbd0ba0b |              4 |    1457665842<br> c4d609ca-f2de-4c13-a9a6-b73e9dd9c34c | def0000a-0000-0000-0000-def00000000b | fdfc627c-d875-11e0-90f0-83df133b58cc | 9881e686-90d0-4da3-85b4-b8a1b3638396 |             19 |    1463161875<br><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-06-21 9:18 GMT-05:00 Ondra Machacek <span dir="ltr">&lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 06/20/2016 08:33 PM, Julián Tete wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thanks Ondra :)<br>
<br>
With the command:<br>
<br>
su - postgres -c &quot;psql -t engine -c \&quot;insert into permissions values<br>
(&#39;0000001b-001b-001b-001b-00000000029f&#39;,<br>
&#39;00000000-0000-0000-0000-000000000001&#39;,<br>
&#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;,<br>
&#39;aaa00000-0000-0000-0000-123456789aaa&#39;, 1);\&quot;&quot;<br>
<br>
</blockquote>
<br></span>
I&#39;ve just remembered, that there is bash script for it:<br>
<br>
 /usr/share/ovirt-engine/bin/ovirt-engine-role.sh<br>
<br>
You can use it as follows:<br>
<br>
 /usr/share/ovirt-engine/bin/ovirt-engine-role.sh --command=add --user-name=admin --authz-name=internal-authz --role=SuperUser<br>
<br>
But, as per your output above, obviously your problem is not missing permissions.<br>
I think the problem is that you removed internal*.properties files and then re-add it.<br>
Can you please send output of users table and permissions table. Thanks.<br>
<br>
 su - postgres -c &quot;psql -t engine -c \&quot;select * from users;\&quot;&quot;<br>
 su - postgres -c &quot;psql -t engine -c \&quot;select * from permissions;\&quot;&quot;<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
I get:<br>
<br>
ERROR:  duplicate key value violates unique constraint<br>
&quot;idx_combined_ad_role_object&quot;<br>
DETAIL:  Key (ad_element_id, role_id,<br>
object_id)=(fdfc627c-d875-11e0-90f0-83df133b58cc,<br>
00000000-0000-0000-0000-000000000001,<br>
aaa00000-0000-0000-0000-123456789aaa) already exists.<br>
<br>
History<br>
<br>
  261  yum install ovirt-engine-extension-aaa-ldap<br>
  262  cp -r<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties<br>
/etc/ovirt-engine/<br>
  263  cd /etc/ovirt-engine/<br>
  264  ll<br>
  265  vim profile1.properties<br>
  266  ll<br>
  267  cd cp<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*<br>
/etc/ovirt-engine/extensions.d/<br>
  268  cd cp /usr/share/ovirt-engine-extension-aaa-ldap/examples/<br>
  269  cd<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/<br>
  270  ll<br>
  271  cp<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/*<br>
/etc/ovirt-engine/extensions.d/<br>
  272  cd /etc/ovirt-engine/extensions.d/<br>
  273  ll<br>
  274  find / -type f -iname profile1.properties<br>
  275  cp -r<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/ad/aaa/profile1.properties<br>
/etc/ovirt-engine/aaa/<br>
  276  find / -type f -iname profile1.properties<br>
  277  vim /etc/ovirt-engine/aaa/profile1.properties<br>
  278  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties<br>
  279  chmod 600 /etc/ovirt-engine/aaa/profile1.properties<br>
  280  systemctl restart ovirt-engine<br>
  281  vim /etc/ovirt-engine/extensions.d/profile1-authn.properties<br>
  282  cd /usr/share/<br>
  283  ls<br>
  284  cd ovirt-engine-aaa-ldap<br>
  285  ls<br>
  286  cd ovirt-engine-extension-aaa-ldap/<br>
  287  ls<br>
  288  cd examples/<br>
  289  ls<br>
  290  cd ad<br>
  291  ls<br>
  292  cd extensions.d/<br>
  293  ls<br>
  294  vim profile1-authn.properties<br>
  295  pwd<br>
  296  cd ..<br>
  297  pwd<br>
  298  cd ..<br>
  299  ls<br>
  300  cd simple<br>
  301  ls<br>
  302  cd aaa/<br>
  303  ls<br>
  304  vim profile1.properties<br>
  305  pwd<br>
  306  rm -rf /etc/ovirt-engine/aaa/profile1.properties<br>
  307  cp -r<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/profile1.properties<br>
/etc/ovirt-engine/aaa/<br>
  308  vim /etc/ovirt-engine/aaa/profile1.properties<br>
  309  history<br>
  310  chown ovirt:ovirt /etc/ovirt-engine/aaa/profile1.properties<br>
  311  chmod 600 /etc/ovirt-engine/aaa/profile1.properties<br>
  312  systemctl restart ovirt-engine<br>
  313  updatedb<br>
  314  locate domain1-authn.properties<br>
  315  history<br>
  316  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/aaa/<br>
  317  ll<br>
  318  cd /usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/<br>
  319  ls<br>
  320  cd extensions.d/<br>
  321  ls<br>
  322  pwd<br>
  323  cd /etc/ovirt-engine/extensions.d/<br>
  324  ls<br>
  325  cp -r<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/<br>
/etc/ovirt-engine/extensions.d/<br>
  326   cp -r<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/<br>
  327  rm -rf /etc/ovirt-engine/extensions.d/profile1-authn.properties<br>
  328  rm -rf /etc/ovirt-engine/extensions.d/profile1-authz.properties<br>
  329   cp -r<br>
/usr/share/ovirt-engine-extension-aaa-ldap/examples/simple/extensions.d/* /etc/ovirt-engine/extensions.d/<br>
  330  ll<br>
  331  history<br>
  332  chown ovirt:ovirt /etc/ovirt-engine/extensions.d/*<br>
  333  chmod 600 /etc/ovirt-engine/extensions.d/*<br>
  334  ll<br>
  335  cd extensions.d/<br>
  336  ll<br>
  337  cd<br>
  338  engine-config -s SASL_QOP=auth<br>
  339  systemctl restart ovirt-engine<br>
  340  engine-manage-domains add --domain=<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">udistritaloas.edu.co</a><br></div></div><span class="">
&lt;<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>&gt; --provider=ipa --user=admin<br>
--ldap-servers=<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">freeipa.udistritaloas.edu.co</a><br>
&lt;<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>&gt;<br></span><div><div class="h5">
  341  systemctl restart ovirt-engine<br>
  342  engine-manage-domains list<br>
  343  history<br>
  344  cd /etc/ovirt-engine/extensions.d/<br>
  345  ll<br>
  346  rm -rf internal-authn.properties<br>
  347  rm -rf internal-authz.properties<br>
  348  rm -rf profile1-authn.properties<br>
  349  rm -rf profile1-authz.properties<br>
  350  history<br>
  351  cd /etc/ovirt-engine/aaa/<br>
  352  ll<br>
  353  rm -rf profile1.properties<br>
  354  vim internal.properties<br>
  355  systemctl restart ovirt-engine<br>
  356  ovirt-aaa-jdbc-tool user edit admin<br>
--account-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  357  ovirt-aaa-jdbc-tool user password-reset admin<br>
--password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  358  engine-config -s AdminPassword=interactive<br>
  359  ovirt-aaa-jdbc-tool user password-reset admin<br>
--password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  360  systemctl restart ovirt-engine<br>
  361  exit<br>
  362  cd /etc/ovirt-engine/aaa/<br>
  363  ll<br>
  364  vim internal.properties<br>
  365  /etc/ovirt-engine/extensions.d/<br>
  366  cd /etc/ovirt-engine/extensions.d/<br>
  367  ll<br>
  368  cd extensions.d/<br>
  369  ll<br>
  370  pwd<br>
  371  ll<br>
  372  cd ..<br>
  373  ll<br>
  374  cd ..<br>
  375  ll<br>
  376  cd /etc/ovirt-engine/extensions.d/<br>
  377  ll<br>
  378  cd extensions.d/<br>
  379  ll<br>
  380  pwd<br>
  381  ll<br>
  382  cd ..<br>
  383  ll<br>
  384  systemctl restart ovirt-engine.service<br>
  385  ovirt-aaa-jdbc-tool user edit admin<br>
--account-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  386  ovirt-aaa-jdbc-tool user password-reset admin<br>
--password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  387  systemctl restart ovirt-engine.service<br>
  388  ovirt-aaa-jdbc-tool user password-reset admin@internal<br>
--password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  389  yum install -y ovirt-engine-extension-aaa-jdbc<br>
  390  engine-setup<br>
  391  ovirt-aaa-jdbc-tool user show admin<br>
  392  ovirt-aaa-jdbc-tool settings show<br>
  393  cd /var/log<br>
  394  ll<br>
  395  cd ovirt-engine<br>
  396  ll<br>
  397  tail -f n 100 ui.log<br>
  398  ll<br>
  399  tail -f -n engine.log<br>
  400  tail -f -n 1000 engine.log<br>
  401  tail -n 5000 engine.log | grep admin@internal<br>
  402  ovirt-aaa-jdbc-tool user show admin<br>
  403  ovirt-aaa-jdbc-tool user show admin@internal<br>
  404  ovirt-aaa-jdbc-tool query --what=user<br>
  405  engine-config -s AdminPassword=interactive<br>
  406  vim /etc/ovirt-engine/extension.d/internal-authn.properties<br>
  407  vim /etc/ovirt-engine/extensions.d/internal-authn.properties<br>
  408  cd /etc/ovirt-engine/extensions.d/<br>
  409  ll<br>
  410  vim /etc/ovirt-engine/aaa/internal.properties<br>
  411  cd /etc/ovirt-engine/aaa/<br>
  412  ll<br>
  413  vim internal.properties<br>
  414  pwd<br>
  415  ovirt-aaa-jdbc-tool user add julian<br>
--attribute=firstName=Julian     --attribute=lastName=Tete<br></div></div>
--attribute=email=<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a> &lt;mailto:<a href="mailto:danteconrad14@gmail.com" target="_blank">danteconrad14@gmail.com</a>&gt;<span class=""><br>
  416  ovirt-aaa-jdbc-tool user password-reset julian<br>
--password-valid-to=&quot;2025-08-15 10:30:00Z&quot;<br>
  417  history<br>
  418  tail -n 5000 engine.log | grep admin@internal<br>
  419  tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal<br>
  420  ovirt-aaa-jdbc-tool user edit admin<br>
--account-valid-from=&quot;2015-10-01 00:00:00Z&quot;<br>
  421  ovirt-aaa-jdbc-tool user password-reset admin --force<br>
--password-valid-to=&quot;2100-01-01 00:00:00Z&quot;<br>
  422  systemctl restart ovirt-engine.service<br>
  423  history<br>
  424  ovirt-aaa-jdbc-tool query --what=user<br>
  425  updatedb<br>
  426  locate internal<br>
  427  yum install -y ovirt-engine-cli<br>
  428  cd /opt<br>
  429  cd /opt/<br>
<br>
<br>
<br>
2016-06-20 13:24 GMT-05:00 Ondra Machacek &lt;<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a><br></span>
&lt;mailto:<a href="mailto:omachace@redhat.com" target="_blank">omachace@redhat.com</a>&gt;&gt;:<div><div class="h5"><br>
<br>
    On 06/20/2016 06:36 PM, Julián Tete wrote:<br>
<br>
        oVirt: 3.6.2<br>
<br>
        Trying to use:<br>
<br>
        <a href="https://github.com/machacekondra/ovirt-engine-kerbldap-migration" rel="noreferrer" target="_blank">https://github.com/machacekondra/ovirt-engine-kerbldap-migration</a><br>
<br>
        First use:<br>
<br>
        engine-manage-domains add --domain=<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">udistritaloas.edu.co</a><br>
        &lt;<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>&gt;<br>
        &lt;<a href="http://udistritaloas.edu.co" rel="noreferrer" target="_blank">http://udistritaloas.edu.co</a>&gt; --provider=ipa --user=admin<br>
        --ldap-servers=<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">freeipa.udistritaloas.edu.co</a><br>
        &lt;<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>&gt;<br>
        &lt;<a href="http://freeipa.udistritaloas.edu.co" rel="noreferrer" target="_blank">http://freeipa.udistritaloas.edu.co</a>&gt;<br>
<br>
<br>
        The domain was added, but a I can&#39;t access to the webadmin portal :/<br>
<br>
        I get the message:<br>
<br>
        &quot;User is not authorized to perform this action.&quot;<br>
<br>
        In ovirt-cli<br>
<br>
        [401] - Unauthorized<br>
<br>
        tail -n 5000 /var/log/ovirt-engine/engine.log | grep admin@internal<br>
<br>
        2016-06-20 10:52:22,835 ERROR<br>
        [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
        (default task-32) [] Correlation ID: null, Call Stack: null, Custom<br>
        Event ID: -1, Message: User admin@internal failed to log in.<br>
        2016-06-20 10:52:22,836 WARN<br>
        [org.ovirt.engine.core.bll.aaa.LoginAdminUserCommand] (default<br>
        task-32)<br>
        [] CanDoAction of action &#39;LoginAdminUser&#39; failed for user<br>
        admin@internal. Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
        2016-06-20 11:00:37,679 ERROR<br>
        [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
        (default task-3) [] Correlation ID: null, Call Stack: null,<br>
        Custom Event<br>
        ID: -1, Message: User admin@internal failed to log in.<br>
        2016-06-20 11:00:37,679 WARN<br>
        [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-3) []<br>
        CanDoAction of action &#39;LoginUser&#39; failed for user admin@internal.<br>
        Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
        2016-06-20 11:01:04,016 ERROR<br>
        [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]<br>
        (default task-4) [] Correlation ID: null, Call Stack: null,<br>
        Custom Event<br>
        ID: -1, Message: User admin@internal failed to log in.<br>
        2016-06-20 11:01:04,016 WARN<br>
        [org.ovirt.engine.core.bll.aaa.LoginUserCommand] (default task-4) []<br>
        CanDoAction of action &#39;LoginUser&#39; failed for user admin@internal.<br>
        Reasons: USER_NOT_AUTHORIZED_TO_PERFORM_ACTION<br>
<br>
<br>
    I am little bit lost, what was your steps, to get into this state,<br>
    but it looks that your admin@internal user was removed SuperUser<br>
    permissions, I am really not sure how could you achieve that, but to<br>
    fix it please run following command:<br>
<br>
     $ su - postgres -c &quot;psql -t engine -c \&quot;insert into permissions<br>
    values (&#39;0000001b-001b-001b-001b-00000000029f&#39;,<br>
    &#39;00000000-0000-0000-0000-000000000001&#39;,<br>
    &#39;fdfc627c-d875-11e0-90f0-83df133b58cc&#39;,<br>
    &#39;aaa00000-0000-0000-0000-123456789aaa&#39;, 1);\&quot;&quot;<br>
<br>
    This command will add your admin@internal SuperUser permissions on<br>
    system.<br>
<br>
    Can you please describe what have you done a bit more, so we can<br>
    understand the problem?<br>
<br>
    Thanks.<br>
<br>
<br>
        Properties of Internal domain:<br>
<br>
        cat /etc/ovirt-engine/aaa/internal.properties<br>
<br>
        <a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a> &lt;<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>&gt;<br>
        &lt;<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>&gt; =<br>
        internal-authn<br>
        ovirt.engine.extension.bindings.method = jbossmodule<br>
        ovirt.engine.extension.binding.jbossmodule.module =<br>
        org.ovirt.engine.extension.aaa.jdbc<br>
        ovirt.engine.extension.binding.jbossmodule.class =<br>
        org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>
        ovirt.engine.extension.provides =<br>
        org.ovirt.engine.api.extensions.aaa.Authn<br>
        <a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">ovirt.engine.aaa.authn.profile.name</a><br>
        &lt;<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>&gt;<br>
        &lt;<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>&gt; = internal<br>
        ovirt.engine.aaa.authn.authz.plugin = internal-authz<br>
        config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br>
<br>
        cat /etc/ovirt-engine/extensions.d/internal-authn.properties<br>
<br>
        <a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a> &lt;<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>&gt;<br>
        &lt;<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>&gt; =<br>
        internal-authn<br>
        ovirt.engine.extension.bindings.method = jbossmodule<br>
        ovirt.engine.extension.binding.jbossmodule.module =<br>
        org.ovirt.engine.extension.aaa.jdbc<br>
        ovirt.engine.extension.binding.jbossmodule.class =<br>
        org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthnExtension<br>
        ovirt.engine.extension.provides =<br>
        org.ovirt.engine.api.extensions.aaa.Authn<br>
        <a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">ovirt.engine.aaa.authn.profile.name</a><br>
        &lt;<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>&gt;<br></div></div><div><div class="h5">
        &lt;<a href="http://ovirt.engine.aaa.authn.profile.name" rel="noreferrer" target="_blank">http://ovirt.engine.aaa.authn.profile.name</a>&gt; = internal<br>
        ovirt.engine.aaa.authn.authz.plugin = internal-authz<br>
        config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br>
<br>
        cat /etc/ovirt-engine/extensions.d/internal-authz.properties<br>
<br>
        <a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">ovirt.engine.extension.name</a> &lt;<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>&gt;<br>
        &lt;<a href="http://ovirt.engine.extension.name" rel="noreferrer" target="_blank">http://ovirt.engine.extension.name</a>&gt; =<br>
<br>
        internal-authz<br>
        ovirt.engine.extension.bindings.method = jbossmodule<br>
        ovirt.engine.extension.binding.jbossmodule.module =<br>
        org.ovirt.engine.extension.aaa.jdbc<br>
        ovirt.engine.extension.binding.jbossmodule.class =<br>
        org.ovirt.engine.extension.aaa.jdbc.binding.api.AuthzExtension<br>
        ovirt.engine.extension.provides =<br>
        org.ovirt.engine.api.extensions.aaa.Authz<br>
        config.datasource.file = /etc/ovirt-engine/aaa/internal.properties<br>
<br>
        Properties of admin@internal user:<br>
<br>
        ovirt-aaa-jdbc-tool user show admin<br>
<br>
        -- User admin(fdfc627c-d875-11e0-90f0-83df133b58cc) --<br>
        Namespace: *<br>
        Name: admin<br>
        ID: fdfc627c-d875-11e0-90f0-83df133b58cc<br>
        Display Name:<br>
        Email:<br>
        First Name: admin<br>
        Last Name:<br>
        Department:<br>
        Title:<br>
        Description:<br>
        Account Disabled: false<br>
        Account Unlocked At: 1970-01-01 00:00:00Z<br>
        Account Valid From: 2015-10-01 00:00:00Z<br>
        Account Valid To: 2100-01-01 00:00:00Z<br>
        Account Without Password: false<br>
        Last successful Login At: 2016-06-20 16:01:03Z<br>
        Last unsuccessful Login At: 2016-06-19 16:53:07Z<br>
        Password Valid To: 2100-01-01 00:00:00Z<br>
<br>
        ¿ Can I assign privilegies to the user ? ¿ Any idea ?<br>
<br>
<br>
        _______________________________________________<br>
        Users mailing list<br></div></div>
        <a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a> &lt;mailto:<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a>&gt;<br>
        <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br>
<br>
</blockquote>
</blockquote></div><br></div>