subject:"\\\[ovirt\\\-users\\\] user permissions"

[ovirt-users] User permissions needed to clone template disk

2019-03-25 Thread Wood Peter

Hi,

Users have PowerUserRole permissions on the cluster and the storage
objects. Also TemplateCreator role on the Datacenter.

When users create VMs from templates there is no option to clone the disk
and create independent VM disk. The resource allocation section is not
visible at all.

What permissions should I give users so they can clone the disk when
creating a VM from a template?

Using oVirt 4.2.8.2-1.el7

Thank you,
-- Peter
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/CTPCB6SFIUEVUZSNYGIQCOTJBEVIRRTZ/

Re: [ovirt-users] user permissions

2018-01-10 Thread Zhong Qiang

according to the description of this article:
https://gerrit.ovirt.org/#/c/74173/

Changed the value of property 'ENGINE_API_FILTER_BY_DEFAULT' to
false,but it still did not work.BTW. My Ovirt is 4.2.0.2-1


thanks.


2018-01-11 10:57 GMT+08:00 Zhong Qiang :

> Hi,
>
>I tried to give a user the permissions for  vms. when this user log in
> vm portal ,get  messages  "No VM available."
>  this user was granted follow roles:
>UserVmManager
>UserRole
>
>  engine logs:
>  2018-01-10 20:32:33,938-05 INFO  
> [org.ovirt.engine.core.bll.AddPermissionCommand]
> (EE-ManagedThreadFactory-engine-Thread-7438) 
> [9b5a405a-c956-4d69-b286-f6b22cbf3c12]
> Running command: AddPermissionCommand internal: false. Entities affected :
> ID: 1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group
> MANIPULATE_PERMISSIONS with role type USER,  ID: 
> 1cf75959-7992-43fe-a1f7-ed6c0c48fd35
> Type: VMAction group
>  ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER
> 2018-01-10 20:32:33,944-05 INFO  
> [org.ovirt.engine.core.bll.aaa.AddUserCommand]
> (EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] Running command:
> AddUserCommand internal: true. Entities affected :
> ID: aaa0----123456789aaa Type: SystemAction group
> MANIPULATE_USERS with role type ADMIN
> 2018-01-10 20:32:33,981-05 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] 
> (EE-ManagedThreadFactory-engine-Thread-7438)
> [787deac0] EVENT_ID: USER_ADD(149), User 'zho...@ctcnet.com' was added
> successfully to the system.
> 2018-01-10 20:32:34,036-05 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] 
> (EE-ManagedThreadFactory-engine-Thread-7438)
> [787deac0] EVENT_ID: USER_ADD_PERMISSION(850), User/Group
> zho...@ctcnet.com, Namespace DC=ctcnet,DC=com, Authorization provider:
> ctcnet.com-authz was granted permission for Role UserRole on VM
> ubuntu16.04-64, by admin@internal-authz.
>
>
> 2018-01-10 20:38:06,263-05 INFO  
> [org.ovirt.engine.core.sso.utils.AuthenticationUtils]
> (default task-4) [] User zho...@ctcnet.com successfully logged in with
> scopes: ovirt-app-admin ovirt-app-api ovirt-app-portal
> ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
> ovirt-ext=token-info:authz-search ovirt-ext=token-info:public-authz-search
> ovirt-ext=token-info:validate ovirt-ext=token:passwor
> d-access
> 2018-01-10 20:38:06,301-05 INFO  
> [org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand]
> (default task-5) [2a6c3d14] Running command: CreateUserSessionCommand
> internal: false.
> 2018-01-10 20:38:06,338-05 INFO  [org.ovirt.engine.core.dal.
> dbbroker.auditloghandling.AuditLogDirector] (default task-5) [2a6c3d14]
> EVENT_ID: USER_VDC_LOGIN(30), User zho...@ctcnet.com@ctcnet.com-authz
> connecting from '10.10.19.228' using session 'z0/9HgB4mjzfDnIN4P/
> fe4A3fzwWIWWcR9xKDvsI/XXgHZApjRp1BCufgtSK6n3kvA/ScdP4qqGqiX01lyJHSQ=='
> logged in.
> 2018-01-10 20:38:06,956-05 ERROR 
> [org.ovirt.engine.core.bll.GetSystemStatisticsQuery]
> (default task-14) [06c80cc6-ad15-4d82-a907-21ab9a5c1cc4] Query execution
> failed due to insufficient permissions.
> 2018-01-10 20:38:07,044-05 ERROR 
> [org.ovirt.engine.core.bll.GetPermissionsForObjectQuery]
> (default task-20) [1b7a6564-534d-4df5-a2b7-52da214b95cd] Query execution
> failed due to insufficient permissions.
> 2018-01-10 20:38:07,045-05 ERROR 
> [org.ovirt.engine.api.restapi.resource.AbstractBackendResource]
> (default task-20) [] Operation Failed: query execution failed due to
> insufficient permissions.
>
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] user permissions

2018-01-10 Thread Zhong Qiang

Hi,

   I tried to give a user the permissions for  vms. when this user log in
vm portal ,get  messages  "No VM available."
 this user was granted follow roles:
   UserVmManager
   UserRole

 engine logs:
 2018-01-10 20:32:33,938-05 INFO
[org.ovirt.engine.core.bll.AddPermissionCommand]
(EE-ManagedThreadFactory-engine-Thread-7438)
[9b5a405a-c956-4d69-b286-f6b22cbf3c12] Running command:
AddPermissionCommand internal: false. Entities affected :  ID:
1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group
MANIPULATE_PERMISSIONS with role type USER,  ID:
1cf75959-7992-43fe-a1f7-ed6c0c48fd35 Type: VMAction group
 ADD_USERS_AND_GROUPS_FROM_DIRECTORY with role type USER
2018-01-10 20:32:33,944-05 INFO
[org.ovirt.engine.core.bll.aaa.AddUserCommand]
(EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] Running command:
AddUserCommand internal: true. Entities affected :
ID: aaa0----123456789aaa Type: SystemAction group
MANIPULATE_USERS with role type ADMIN
2018-01-10 20:32:33,981-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] EVENT_ID:
USER_ADD(149), User 'zho...@ctcnet.com' was added successfully to the
system.
2018-01-10 20:32:34,036-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(EE-ManagedThreadFactory-engine-Thread-7438) [787deac0] EVENT_ID:
USER_ADD_PERMISSION(850), User/Group zho...@ctcnet.com, Namespace
DC=ctcnet,DC=com, Authorization provider: ctcnet.com-authz was granted
permission for Role UserRole on VM ubuntu16.04-64, by admin@internal-authz.


2018-01-10 20:38:06,263-05 INFO
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default task-4) []
User zho...@ctcnet.com successfully logged in with scopes: ovirt-app-admin
ovirt-app-api ovirt-app-portal ovirt-ext=auth:sequence-priority=~
ovirt-ext=revoke:revoke-all ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:passwor
d-access
2018-01-10 20:38:06,301-05 INFO
[org.ovirt.engine.core.bll.aaa.CreateUserSessionCommand] (default task-5)
[2a6c3d14] Running command: CreateUserSessionCommand internal: false.
2018-01-10 20:38:06,338-05 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(default task-5) [2a6c3d14] EVENT_ID: USER_VDC_LOGIN(30), User
zho...@ctcnet.com@ctcnet.com-authz connecting from '10.10.19.228' using
session
'z0/9HgB4mjzfDnIN4P/fe4A3fzwWIWWcR9xKDvsI/XXgHZApjRp1BCufgtSK6n3kvA/ScdP4qqGqiX01lyJHSQ=='
logged in.
2018-01-10 20:38:06,956-05 ERROR
[org.ovirt.engine.core.bll.GetSystemStatisticsQuery] (default task-14)
[06c80cc6-ad15-4d82-a907-21ab9a5c1cc4] Query execution failed due to
insufficient permissions.
2018-01-10 20:38:07,044-05 ERROR
[org.ovirt.engine.core.bll.GetPermissionsForObjectQuery] (default task-20)
[1b7a6564-534d-4df5-a2b7-52da214b95cd] Query execution failed due to
insufficient permissions.
2018-01-10 20:38:07,045-05 ERROR
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource] (default
task-20) [] Operation Failed: query execution failed due to insufficient
permissions.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2017-07-07 Thread Fabrice Bacchella

OK, I remember having seen that. But it slip out of my mind. Thanks

> Le 7 juil. 2017 à 13:43, Ondra Machacek  a écrit :
> 
> Please read the description of this commit:
> 
> https://gerrit.ovirt.org/#/c/74173/
> 
> Change the value of property 'ENGINE_API_FILTER_BY_DEFAULT' to true,
> and it will work, if you use 4.1.1.
> 
> 
> On Wed, Jul 5, 2017 at 5:55 PM, Fabrice Bacchella
>  wrote:
>> I'm trying to give a user the permissions to stop/start a specific server.
>> 
>> This user is given the generic UserRole for the System.
>> 
>> I tried to give him the roles :
>> UserVmManager
>> UserVmRunTimeManager
>> UserInstanceManager
>> InstanceCreator
>> UserRole
>> 
>> for that specific VM, I always get: query execution failed due to 
>> insufficient permissions.
>> 
>> As soon as I give him the SuperUser role, he can stop/start it.
>> 
>> What role should I give him for that VM ? I don't want to give the privilege 
>> to destroy the vm, or add disks. But he should be able to change the os 
>> settings too.
>> ___
>> Users mailing list
>> Users@ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2017-07-07 Thread Ondra Machacek

Please read the description of this commit:

 https://gerrit.ovirt.org/#/c/74173/

Change the value of property 'ENGINE_API_FILTER_BY_DEFAULT' to true,
and it will work, if you use 4.1.1.


On Wed, Jul 5, 2017 at 5:55 PM, Fabrice Bacchella
 wrote:
> I'm trying to give a user the permissions to stop/start a specific server.
>
> This user is given the generic UserRole for the System.
>
> I tried to give him the roles :
> UserVmManager
> UserVmRunTimeManager
> UserInstanceManager
> InstanceCreator
> UserRole
>
> for that specific VM, I always get: query execution failed due to 
> insufficient permissions.
>
> As soon as I give him the SuperUser role, he can stop/start it.
>
> What role should I give him for that VM ? I don't want to give the privilege 
> to destroy the vm, or add disks. But he should be able to change the os 
> settings too.
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2017-07-06 Thread Fabrice Bacchella

It's getting stranger. I have written code to dump roles and permits for a 
given user.

./ovcmd user -n rexecutor roles | gsort -V
...
has role 'InstanceCreator' on vm 'fa42'
has role 'UserInstanceManager' on vm 'fa42'
has role 'UserRole' on vm 'fa42'
has role 'UserVmManager' on vm 'fa42'
has role 'UserVmRunTimeManager' on vm 'fa42'

So no super-user role for that VM.

./ovcmd user -n rexecutor permits
...
vm/fa42:
  add_users_and_groups_from_directory
  assign_cpu_profile
  attach_disk
  change_vm_cd
  configure_vm_network
  configure_vm_storage
  connect_to_vm
  create_disk
  create_vm
  delete_disk
  delete_vm
  edit_disk_properties
  edit_vm_properties
  hibernate_vm
  login
  manipulate_permissions
  reboot_vm
  run_vm
  shut_down_vm
  sparsify_disk
  stop_vm

./ovcmd  -u rexecutor@internal --passwordfile=/tmp/passwordfile vm -n fa42 stop
The action "vm stop" failed with: query execution failed due to insufficient 
permissions.

The role has the stop_vm but it can't stop it.

Now I add the SuperUser role for that VM.

./ovcmd user -n rexecutor roles | gsort -V
...
has role 'InstanceCreator' on vm 'fa42'
has role 'SuperUser' on vm 'fa42'
has role 'UserInstanceManager' on vm 'fa42'
has role 'UserRole' on vm 'fa42'
has role 'UserVmManager' on vm 'fa42'
has role 'UserVmRunTimeManager' on vm 'fa42'


The permits are the same:

./ovcmd user -n rexecutor permits
vm/fa42:
  add_users_and_groups_from_directory
  assign_cpu_profile
  attach_disk
  change_vm_cd
  configure_vm_network
  configure_vm_storage
  connect_to_vm
  create_disk
  create_vm
  delete_disk
  delete_vm
  edit_disk_properties
  edit_vm_properties
  hibernate_vm
  login
  manipulate_permissions
  reboot_vm
  run_vm
  shut_down_vm
  sparsify_disk
  stop_vm

./ovcmd  -u rexecutor@internal --passwordfile=/tmp/passwordfile vm -n fa42 stop
(OK)

But now it can stop the vm. Why ?


> Le 5 juil. 2017 à 17:55, Fabrice Bacchella  a 
> écrit :
> 
> I'm trying to give a user the permissions to stop/start a specific server.
> 
> This user is given the generic UserRole for the System.
> 
> I tried to give him the roles :
> UserVmManager
> UserVmRunTimeManager
> UserInstanceManager
> InstanceCreator
> UserRole
> 
> for that specific VM, I always get: query execution failed due to 
> insufficient permissions.
> 
> As soon as I give him the SuperUser role, he can stop/start it.
> 
> What role should I give him for that VM ? I don't want to give the privilege 
> to destroy the vm, or add disks. But he should be able to change the os 
> settings too.
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] user permissions

2017-07-05 Thread Fabrice Bacchella

I'm trying to give a user the permissions to stop/start a specific server.

This user is given the generic UserRole for the System.

I tried to give him the roles :
UserVmManager
UserVmRunTimeManager
UserInstanceManager
InstanceCreator
UserRole

for that specific VM, I always get: query execution failed due to insufficient 
permissions.

As soon as I give him the SuperUser role, he can stop/start it.

What role should I give him for that VM ? I don't want to give the privilege to 
destroy the vm, or add disks. But he should be able to change the os settings 
too.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] User permissions

2016-12-14 Thread Ondra Machacek

On Wed, Dec 14, 2016 at 9:54 AM, Michal Skrivanek <
michal.skriva...@redhat.com> wrote:

>
> On 9 Dec 2016, at 16:53, Bill Bill  wrote:
>
> Hello,
>
> There seems to be an issue with assigning permissions. When creating a
> user, if the user has “create” functionality for a VM, they can also delete
> the VM even if “delete” is not checked. Is this by design or perhaps
> something that was overlooked? Essentially, I want a user that can
> add/modify but not delete.
>
>
> it is probably a bug. worth filing a bug (ovirt-engine, virt)
>

It's not a bug. This is by design. When user has 'create_vm' permission and
he is using
UserPortal or filtered REST API, then he will get UserVmManager permission
on newly created VM
and with this permission you can delete that VM, but not any other vm, only
the one you've created.



> there’s likely no easy workaround…you can try to create your own role with
> only the create permission, but…unlikely
>
> Thanks,
> michal
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.phx.ovirt.org/mailman/listinfo/users
>
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.phx.ovirt.org/mailman/listinfo/users
>
>
___
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] User permissions

2016-12-14 Thread Michal Skrivanek


> On 9 Dec 2016, at 16:53, Bill Bill  wrote:
> 
> Hello,
>  
> There seems to be an issue with assigning permissions. When creating a user, 
> if the user has “create” functionality for a VM, they can also delete the VM 
> even if “delete” is not checked. Is this by design or perhaps something that 
> was overlooked? Essentially, I want a user that can add/modify but not delete.

it is probably a bug. worth filing a bug (ovirt-engine, virt)
there’s likely no easy workaround…you can try to create your own role with only 
the create permission, but…unlikely

Thanks,
michal

> ___
> Users mailing list
> Users@ovirt.org 
> http://lists.phx.ovirt.org/mailman/listinfo/users 
> 
___
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users

[ovirt-users] User permissions

2016-12-09 Thread Bill Bill

Hello,

There seems to be an issue with assigning permissions. When creating a user, if 
the user has “create” functionality for a VM, they can also delete the VM even 
if “delete” is not checked. Is this by design or perhaps something that was 
overlooked? Essentially, I want a user that can add/modify but not delete.
___
Users mailing list
Users@ovirt.org
http://lists.phx.ovirt.org/mailman/listinfo/users

[ovirt-users] User permissions for user portal

2014-09-20 Thread J. Mikulec


Hello,

I can't figure out right user permissions. I can add user which can do 
just this through user portal:


- see and change status of VM (including Power Off)
- remote console
- change CD (+ maybe os type)

Change status and console (without power off) comes with UserRole, power 
off and change CD comes with UserVmManager. But UserVmManager brigns 
also wide options to manage network interfaces, disks etc, what is 
unsafe for me to delegate it to this user.


Thanks, J.M.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] User permissions for user portal

2014-09-20 Thread Oved Ourfali

You can create your own custom user roles via the administration portal. And 
the assign these permissions to users. Go to the configure dialog on the upper 
right part of the administrative portal, and you'll find it there.

Oved

On Sep 20, 2014 11:34 AM, J. Mikulec j...@mikulec.name wrote:

 Hello, 

 I can't figure out right user permissions. I can add user which can do 
 jHello,

I can't figure out right user permissions. I can add user which can do 
just this through user portal:

- see and change status of VM (including Power Off)
- remote console
- change CD (+ maybe os type)

Change status and console (without power off) comes with UserRole, power 
off and change CD comes with UserVmManager. But UserVmManager brigns 
also wide options to manage network interfaces, disks etc, what is 
unsafe for me to delegate it to this user.

Thanks, J.M.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] User permissions for user portal

2014-09-20 Thread J. Mikulec


Hello,

thanks. I forgot to write I tried this before but cannot find 
appropriate permission combination for this. One was same as UserRole, 
another same as UserVmManager :-/


I think my requirement is typical for VPS sell/rent, provide flexibility 
to friend/customer and have it without much work and with security. So 
cannot believe oVirt does not support this ...


Thanks, J.M.


Dne 20.9.2014 v 12:11 Oved Ourfali napsal(a):

You can create your own custom user roles via the administration portal. And 
the assign these permissions to users. Go to the configure dialog on the upper 
right part of the administrative portal, and you'll find it there.

Oved

On Sep 20, 2014 11:34 AM, J. Mikulec j...@mikulec.name wrote:


Hello,

I can't figure out right user permissions. I can add user which can do
jHello,


I can't figure out right user permissions. I can add user which can do
just this through user portal:

- see and change status of VM (including Power Off)
- remote console
- change CD (+ maybe os type)

Change status and console (without power off) comes with UserRole, power
off and change CD comes with UserVmManager. But UserVmManager brigns
also wide options to manage network interfaces, disks etc, what is
unsafe for me to delegate it to this user.

Thanks, J.M.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-23 Thread Oved Ourfali

Hi

I was able to reproduce similar errors in the log, but with regards to 
GetRngQeury and not SearchQuery.
And, it caused an issue with selecting an instance type, but I was able to 
create a VM successfully, while being only a PowerUser on the DC.
I'll post the fix for that.
What version are you using?
Perhaps your issue was already solved?
Did you open a bug on your issue?

Thanks,
Oved

- Original Message -
 From: Oved Ourfali ov...@redhat.com
 To: Jorick Astrego j.astr...@netbulae.eu
 Cc: users@ovirt.org
 Sent: Tuesday, July 22, 2014 2:04:01 PM
 Subject: Re: [ovirt-users] user permissions
 
 Please open a bug on that.
 But please provide full details, what permissions on what object, and what
 dialog are you opening, what operation are you trying to do, with the
 complete logs.
 
 Thanks,
 Oved
 
 - Original Message -
  From: Jorick Astrego j.astr...@netbulae.eu
  Cc: users@ovirt.org
  Sent: Tuesday, July 22, 2014 1:57:44 PM
  Subject: Re: [ovirt-users] user permissions
  
  
  The only relevant things I see in the log are lots of these:
  
  2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
  permissions.
  2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
  permissions.
  2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
  permissions.
  2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
  permissions.
  2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
  permissions.
  2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
  permissions.
  
  2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
  permissions.
  
  2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
  permissions.
  2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery]
  (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
  permissions.
  
  Kind regards,
  Jorick
  
  
  On 07/22/2014 12:16 PM, Oved Ourfali wrote:
  
  
  
  Setting PowerUser for some user on System or on a DC should be enough to
  create VMs on it.
  What error do you get?
  Can you share your logs?
  
  - Original Message -
  
  
  
  From: Jorick Astrego j.astr...@netbulae.eu Cc: users@ovirt.org Sent:
  Tuesday, July 22, 2014 12:26:38 PM
  Subject: Re: [ovirt-users] user permissions
  
  I had it set on the system (with the configure button) and the DC but
  tried every combination I could think off.
  
  Also created a new user type role with all the user permissions selected.
  
  Kind regards,
  Jorick Astrego
  
  
  
  On 07/22/2014 11:16 AM, Oved Ourfali wrote:
  
  
  
  On what object did you assign the PowerUser role

[ovirt-users] user permissions

2014-07-22 Thread Jorick Astrego


Hi,

In our 3.4.3 environment I started adding external users (it is 
connected to a freeipa server) and I'm having some problems setting the 
correct permissions.


When I give all user roles to a user, I cannot create a vm and get an 
error User is not authorized to perform this action. I tried setting 
it on the system level, DC level and cluster level.


I needed to give this user an administrator role with only exactly the 
same vm and disk permissions (nothing extra) and things work ok, but he 
can now login to the admin portal. So I blocked it with a .htaccess 
which is not the prettiest solution.


Am I doing things wrong?

Also the user disappeared from the System permissions overview but can 
still login, which is a bit weird.


Kind regards,

Jorick Astrego
Netbulae

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-22 Thread Oved Ourfali

Hi

You didn't really specify what you would like to accomplish, and what 
permissions were granted and on what object.
In general, we have two types of roles: User and Admin roles.
If a user has any admin role on any object, then he can login to the admin 
portal.
So, as long as you don't assign the user with admin role he will not be able to 
login to the admin portal.

Giving PowerUser role on a DC will allow the user to create VMs and Disks 
through the user portal.
Is that what you would like to accomplish?

Oved

- Original Message -
 From: Jorick Astrego j.astr...@netbulae.eu
 To: users@ovirt.org
 Sent: Tuesday, July 22, 2014 11:32:16 AM
 Subject: [ovirt-users] user permissions
 
 Hi,
 
 In our 3.4.3 environment I started adding external users (it is
 connected to a freeipa server) and I'm having some problems setting the
 correct permissions.
 
 When I give all user roles to a user, I cannot create a vm and get an
 error User is not authorized to perform this action. I tried setting
 it on the system level, DC level and cluster level.
 
 I needed to give this user an administrator role with only exactly the
 same vm and disk permissions (nothing extra) and things work ok, but he
 can now login to the admin portal. So I blocked it with a .htaccess
 which is not the prettiest solution.
 
 Am I doing things wrong?
 
 Also the user disappeared from the System permissions overview but can
 still login, which is a bit weird.
 
 Kind regards,
 
 Jorick Astrego
 Netbulae
 
 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users
 
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-22 Thread Jorick Astrego


Hi,

Sorry let be a bit more clear. I want to have a user that can log into 
the user portal and create vm's, stop them, add disks etc. But only as a 
user.


I tried the poweruser role and can do all things _except _creating a new 
VM.  I also want the user to only see and manipulate his own VM's and 
not the other ones running on the same system.


Even with the PowerUser role, I am not able to create a new VM as this 
user. Also when I edit the built-in PowerUser role, I only see the 
following rights selected:


Login Permissions

Template

Provisioning Operations
Create

VM


Provisioning Operations
Edit properties
Create

Disk

Provisioning Operations
Create

Everything else is deselected.

Kind regards,

Jorick Astrego
Netbulae

On 07/22/2014 10:35 AM, Oved Ourfali wrote:

Hi

You didn't really specify what you would like to accomplish, and what 
permissions were granted and on what object.
In general, we have two types of roles: User and Admin roles.
If a user has any admin role on any object, then he can login to the admin 
portal.
So, as long as you don't assign the user with admin role he will not be able to 
login to the admin portal.

Giving PowerUser role on a DC will allow the user to create VMs and Disks 
through the user portal.
Is that what you would like to accomplish?

Oved

- Original Message -

From: Jorick Astrego j.astr...@netbulae.eu
To: users@ovirt.org
Sent: Tuesday, July 22, 2014 11:32:16 AM
Subject: [ovirt-users] user permissions

Hi,

In our 3.4.3 environment I started adding external users (it is
connected to a freeipa server) and I'm having some problems setting the
correct permissions.

When I give all user roles to a user, I cannot create a vm and get an
error User is not authorized to perform this action. I tried setting
it on the system level, DC level and cluster level.

I needed to give this user an administrator role with only exactly the
same vm and disk permissions (nothing extra) and things work ok, but he
can now login to the admin portal. So I blocked it with a .htaccess
which is not the prettiest solution.

Am I doing things wrong?

Also the user disappeared from the System permissions overview but can
still login, which is a bit weird.

Kind regards,

Jorick Astrego
Netbulae

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-22 Thread Oved Ourfali

On what object did you assign the PowerUser role?
A permission consist of user+role+object.

- Original Message -
 From: Jorick Astrego j.astr...@netbulae.eu
 To: users@ovirt.org
 Sent: Tuesday, July 22, 2014 11:43:43 AM
 Subject: Re: [ovirt-users] user permissions

 Hi,

 Sorry let be a bit more clear. I want to have a user that can log into the
 user portal and create vm's, stop them, add disks etc. But only as a user.

 I tried the poweruser role and can do all things except creating a new VM. I
 also want the user to only see and manipulate his own VM's and not the other
 ones running on the same system.

 Even with the PowerUser role, I am not able to create a new VM as this user.
 Also when I edit the built-in PowerUser role, I only see the following
 rights selected:

 Login Permissions

 Template

 Provisioning Operations
 Create

 VM

 Provisioning Operations
 Edit properties
 Create

 Disk

 Provisioning Operations
 Create

 Everything else is deselected.

 Kind regards,

 Jorick Astrego
 Netbulae

 On 07/22/2014 10:35 AM, Oved Ourfali wrote:

 Hi

 You didn't really specify what you would like to accomplish, and what
 permissions were granted and on what object.
 In general, we have two types of roles: User and Admin roles.
 If a user has any admin role on any object, then he can login to the admin
 portal.
 So, as long as you don't assign the user with admin role he will not be able
 to login to the admin portal.

 Giving PowerUser role on a DC will allow the user to create VMs and Disks
 through the user portal.
 Is that what you would like to accomplish?

 Oved

 - Original Message -

 From: Jorick Astrego j.astr...@netbulae.eu To: users@ovirt.org Sent:
 Tuesday, July 22, 2014 11:32:16 AM
 Subject: [ovirt-users] user permissions

 Hi,

 In our 3.4.3 environment I started adding external users (it is
 connected to a freeipa server) and I'm having some problems setting the
 correct permissions.

 When I give all user roles to a user, I cannot create a vm and get an
 error User is not authorized to perform this action. I tried setting
 it on the system level, DC level and cluster level.

 I needed to give this user an administrator role with only exactly the
 same vm and disk permissions (nothing extra) and things work ok, but he
 can now login to the admin portal. So I blocked it with a .htaccess
 which is not the prettiest solution.

 Am I doing things wrong?

 Also the user disappeared from the System permissions overview but can
 still login, which is a bit weird.

 Kind regards,

 Jorick Astrego
 Netbulae

 ___
 Users mailing list Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-22 Thread Jorick Astrego

I had it set on the system (with the configure button) and the DC but 
tried every combination I could think off.


Also created a new user type role with all the user permissions selected.

Kind regards,
Jorick Astrego



On 07/22/2014 11:16 AM, Oved Ourfali wrote:

On what object did you assign the PowerUser role?
A permission consist of user+role+object.

- Original Message -

From: Jorick Astrego j.astr...@netbulae.eu
To: users@ovirt.org
Sent: Tuesday, July 22, 2014 11:43:43 AM
Subject: Re: [ovirt-users] user permissions

Hi,

Sorry let be a bit more clear. I want to have a user that can log into the
user portal and create vm's, stop them, add disks etc. But only as a user.

I tried the poweruser role and can do all things except creating a new VM. I
also want the user to only see and manipulate his own VM's and not the other
ones running on the same system.

Even with the PowerUser role, I am not able to create a new VM as this user.
Also when I edit the built-in PowerUser role, I only see the following
rights selected:

Login Permissions

Template

Provisioning Operations
Create

VM


Provisioning Operations
Edit properties
Create

Disk

Provisioning Operations
Create

Everything else is deselected.

Kind regards,

Jorick Astrego
Netbulae

On 07/22/2014 10:35 AM, Oved Ourfali wrote:



Hi

You didn't really specify what you would like to accomplish, and what
permissions were granted and on what object.
In general, we have two types of roles: User and Admin roles.
If a user has any admin role on any object, then he can login to the admin
portal.
So, as long as you don't assign the user with admin role he will not be able
to login to the admin portal.

Giving PowerUser role on a DC will allow the user to create VMs and Disks
through the user portal.
Is that what you would like to accomplish?

Oved

- Original Message -



From: Jorick Astrego j.astr...@netbulae.eu To: users@ovirt.org Sent:
Tuesday, July 22, 2014 11:32:16 AM
Subject: [ovirt-users] user permissions

Hi,

In our 3.4.3 environment I started adding external users (it is
connected to a freeipa server) and I'm having some problems setting the
correct permissions.

When I give all user roles to a user, I cannot create a vm and get an
error User is not authorized to perform this action. I tried setting
it on the system level, DC level and cluster level.

I needed to give this user an administrator role with only exactly the
same vm and disk permissions (nothing extra) and things work ok, but he
can now login to the admin portal. So I blocked it with a .htaccess
which is not the prettiest solution.

Am I doing things wrong?

Also the user disappeared from the System permissions overview but can
still login, which is a bit weird.

Kind regards,

Jorick Astrego
Netbulae

___
Users mailing list Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users




___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-22 Thread Oved Ourfali

Setting PowerUser for some user on System or on a DC should be enough to create 
VMs on it.
What error do you get?
Can you share your logs?

- Original Message -
 From: Jorick Astrego j.astr...@netbulae.eu
 Cc: users@ovirt.org
 Sent: Tuesday, July 22, 2014 12:26:38 PM
 Subject: Re: [ovirt-users] user permissions

 I had it set on the system (with the configure button) and the DC but
 tried every combination I could think off.

 Also created a new user type role with all the user permissions selected.

 Kind regards,
 Jorick Astrego

 On 07/22/2014 11:16 AM, Oved Ourfali wrote:
  On what object did you assign the PowerUser role?
  A permission consist of user+role+object.

  - Original Message -
  From: Jorick Astrego j.astr...@netbulae.eu
  To: users@ovirt.org
  Sent: Tuesday, July 22, 2014 11:43:43 AM
  Subject: Re: [ovirt-users] user permissions

  Hi,

  Sorry let be a bit more clear. I want to have a user that can log into the
  user portal and create vm's, stop them, add disks etc. But only as a user.

  I tried the poweruser role and can do all things except creating a new VM.
  I
  also want the user to only see and manipulate his own VM's and not the
  other
  ones running on the same system.

  Even with the PowerUser role, I am not able to create a new VM as this
  user.
  Also when I edit the built-in PowerUser role, I only see the following
  rights selected:

  Login Permissions

  Template

  Provisioning Operations
  Create

  VM

  Provisioning Operations
  Edit properties
  Create

  Disk

  Provisioning Operations
  Create

  Everything else is deselected.

  Kind regards,

  Jorick Astrego
  Netbulae

  On 07/22/2014 10:35 AM, Oved Ourfali wrote:

  Hi

  You didn't really specify what you would like to accomplish, and what
  permissions were granted and on what object.
  In general, we have two types of roles: User and Admin roles.
  If a user has any admin role on any object, then he can login to the admin
  portal.
  So, as long as you don't assign the user with admin role he will not be
  able
  to login to the admin portal.

  Giving PowerUser role on a DC will allow the user to create VMs and Disks
  through the user portal.
  Is that what you would like to accomplish?

  Oved

  - Original Message -

  From: Jorick Astrego j.astr...@netbulae.eu To: users@ovirt.org Sent:
  Tuesday, July 22, 2014 11:32:16 AM
  Subject: [ovirt-users] user permissions

  Hi,

  In our 3.4.3 environment I started adding external users (it is
  connected to a freeipa server) and I'm having some problems setting the
  correct permissions.

  When I give all user roles to a user, I cannot create a vm and get an
  error User is not authorized to perform this action. I tried setting
  it on the system level, DC level and cluster level.

  I needed to give this user an administrator role with only exactly the
  same vm and disk permissions (nothing extra) and things work ok, but he
  can now login to the admin portal. So I blocked it with a .htaccess
  which is not the prettiest solution.

  Am I doing things wrong?

  Also the user disappeared from the System permissions overview but can
  still login, which is a bit weird.

  Kind regards,

  Jorick Astrego
  Netbulae

  ___
  Users mailing list Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users

  ___
  Users mailing list
  Users@ovirt.org
  http://lists.ovirt.org/mailman/listinfo/users

 ___
 Users mailing list
 Users@ovirt.org
 http://lists.ovirt.org/mailman/listinfo/users

___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] user permissions

2014-07-22 Thread Jorick Astrego



The only relevant things I see in the log are lots of these:

2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-12) Query execution failed due to insufficient 
permissions.
2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-12) Query execution failed due to insufficient 
permissions.
2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient 
permissions.
2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient 
permissions.
2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient 
permissions.
2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient 
permissions.


2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient 
permissions.
2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient 
permissions.
2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient 
permissions.
2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient 
permissions.
2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-4) Query execution failed due to insufficient 
permissions.
2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-4) Query execution failed due to insufficient 
permissions.


2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-13) Query execution failed due to insufficient 
permissions.
2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-13) Query execution failed due to insufficient 
permissions.
2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient 
permissions.
2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-1) Query execution failed due to insufficient 
permissions.
2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient 
permissions.
2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-8) Query execution failed due to insufficient 
permissions.
2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient 
permissions.
2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery] 
(ajp--127.0.0.1-8702-5) Query execution failed due to insufficient 
permissions.


Kind regards,
Jorick


On 07/22/2014 12:16 PM, Oved Ourfali wrote:

Setting PowerUser for some user on System or on a DC should be enough to create 
VMs on it.
What error do you get?
Can you share your logs?

- Original Message -

From: Jorick Astrego j.astr...@netbulae.eu
Cc: users@ovirt.org
Sent: Tuesday, July 22, 2014 12:26:38 PM
Subject: Re: [ovirt-users] user permissions

I had it set on the system (with the configure button) and the DC but
tried every combination I could think off.

Also created a new user type role with all the user permissions selected.

Kind regards,
Jorick Astrego



On 07/22/2014 11:16 AM, Oved Ourfali wrote:

On what object did you assign the PowerUser role?
A permission consist of user+role+object.

- Original Message -

From: Jorick Astrego j.astr...@netbulae.eu
To: users@ovirt.org
Sent: Tuesday, July 22, 2014 11:43:43 AM
Subject: Re: [ovirt-users] user permissions

Hi,

Sorry let be a bit more clear. I want to have a user that can log into the
user portal and create vm's, stop them, add disks etc. But only as a user.

I tried the poweruser role and can do all things except creating a new VM.
I
also want the user to only see and manipulate his own VM's and not the
other
ones running on the same system.

Even with the PowerUser role, I am not able to create a new VM as this
user.
Also when I edit the built-in PowerUser role, I only see the following
rights selected:

Login Permissions

Template

Provisioning Operations
Create

VM


Provisioning Operations
Edit properties
Create

Disk

Provisioning Operations
Create

Everything else is deselected.

Kind regards,

Jorick Astrego
Netbulae

On 07/22/2014 10:35 AM, Oved Ourfali wrote:



Hi

You didn't really specify what you would like to accomplish, and what
permissions were granted and on what object.
In general, we have two types of roles: User and Admin

Re: [ovirt-users] user permissions

2014-07-22 Thread Oved Ourfali

Please open a bug on that.
But please provide full details, what permissions on what object, and what 
dialog are you opening, what operation are you trying to do, with the complete 
logs.

Thanks,
Oved

- Original Message -
 From: Jorick Astrego j.astr...@netbulae.eu
 Cc: users@ovirt.org
 Sent: Tuesday, July 22, 2014 1:57:44 PM
 Subject: Re: [ovirt-users] user permissions
 
 
 The only relevant things I see in the log are lots of these:
 
 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
 permissions.
 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient
 permissions.
 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
 permissions.
 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
 permissions.
 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
 permissions.
 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
 permissions.
 
 2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient
 permissions.
 
 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
 permissions.
 2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery]
 (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient
 permissions.
 
 Kind regards,
 Jorick
 
 
 On 07/22/2014 12:16 PM, Oved Ourfali wrote:
 
 
 
 Setting PowerUser for some user on System or on a DC should be enough to
 create VMs on it.
 What error do you get?
 Can you share your logs?
 
 - Original Message -
 
 
 
 From: Jorick Astrego j.astr...@netbulae.eu Cc: users@ovirt.org Sent:
 Tuesday, July 22, 2014 12:26:38 PM
 Subject: Re: [ovirt-users] user permissions
 
 I had it set on the system (with the configure button) and the DC but
 tried every combination I could think off.
 
 Also created a new user type role with all the user permissions selected.
 
 Kind regards,
 Jorick Astrego
 
 
 
 On 07/22/2014 11:16 AM, Oved Ourfali wrote:
 
 
 
 On what object did you assign the PowerUser role?
 A permission consist of user+role+object.
 
 - Original Message -
 
 
 
 From: Jorick Astrego j.astr...@netbulae.eu To: users@ovirt.org Sent:
 Tuesday, July 22, 2014 11:43:43 AM
 Subject: Re: [ovirt-users] user permissions
 
 Hi,
 
 Sorry let be a bit more clear. I want to have a user that can log into the
 user portal and create vm's, stop them, add disks etc. But only as a user.
 
 I tried the poweruser role and can do all things except creating a new VM.
 I
 also want the user to only see and manipulate his own VM's and not the
 other
 ones running on the same system.
 
 Even with the PowerUser role, I am not able to create a new VM as this
 user.
 Also when I edit the built-in PowerUser role, I only see

[ovirt-users] User permissions needed to clone template disk

Re: [ovirt-users] user permissions

[ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

[ovirt-users] user permissions

Re: [ovirt-users] User permissions

Re: [ovirt-users] User permissions

[ovirt-users] User permissions

[ovirt-users] User permissions for user portal

Re: [ovirt-users] User permissions for user portal

Re: [ovirt-users] User permissions for user portal

Re: [ovirt-users] user permissions

[ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

Re: [ovirt-users] user permissions

22 matches

Site Navigation

Mail list logo

Footer information