On 07/25/2016 08:43 AM, Костя Климук wrote:
> Hello, OVirt community!
>
> I have some problems in understanding with OVirt (v 3.6.0) API.
> I'm trying to create user with specifying his roles, by using such
> signature in POST call:
>
>
>
> testuser@saml-auth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> The user is created but without the roles.
> The next issues, that I encountered is associated with updating of
> existing user (adding the roles to him). I am trying to do PUT call on
> .../ovirt-engine/api/users/long_user_id/roles :
>
>
>
>
> But this doesn't work.
> Please, give we insight in what I am doing wrong.
>
In order to do this you first need to add the user, as you did, but
without the roles (if you include then they will just be ignored):
POST /ovirt-engine/api/users
testuser@saml-auth
This will return you the added user, including the an identifier:
...
But you can't directly add role to an user, because there isn't really a
direct relationship between users and roles. Instead you need to add
"permissions", and each permission is composed of an user, a role and an
object. For example, if you want to add to that user the role
"ClusterAdmin" role for a specific cluster:
POST /ovirt-engine/api/users/the_user_id/permissions
Alternatively, you can also add the permission using the collection of
the object. For example:
POST /ovirt-engine/api/clusters/the_cluster_id/permissions
The /users/the_user_id/roles has a rather strange meaning, it displays
(read only) the roles of the permissions corresponding to the "system"
object. You should probably avoid it completely, and we should probably
remove it.
--
Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
3ºD, 28016 Madrid, Spain
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
