[ovirt-users] Re: Preventing users to see other VMs

2018-05-21 Thread Roy Golan
On Wed, 16 May 2018 at 17:21 Peter Hudec wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi all, > > works !! ;) Seems that there is some caching in User Portal. > But there is still a question how could I remove user from the role > everyone ? For example I want to

[ovirt-users] Re: Preventing users to see other VMs

2018-05-16 Thread Aziz
Hi All, @Roy, yes, that's excatly what I'm referring to. It's "ugly" to show the unauthorized message each time a user will try to edit the VM, better to hide it or put it as Grayed. Thank you Greg. Best regards On Wed, May 16, 2018 at 1:14 PM, Greg Sheremeta wrote: > >

[ovirt-users] Re: Preventing users to see other VMs

2018-05-16 Thread Peter Hudec
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi all, works !! ;) Seems that there is some caching in User Portal. But there is still a question how could I remove user from the role everyone ? For example I want to assign only specific vNIC Profiles, Storage Domains, ... Peter On

[ovirt-users] Re: Preventing users to see other VMs

2018-05-16 Thread Greg Sheremeta
On Wed, May 16, 2018 at 9:09 AM, Roy Golan wrote: > On Wed, 16 May 2018 at 16:01 Aziz wrote: > >> Hi All, >> >> Thank you Roy, this is working now as expected, however, I think the Edit >> button, should be removed for this user, there is no need to

[ovirt-users] Re: Preventing users to see other VMs

2018-05-16 Thread Roy Golan
On Wed, 16 May 2018 at 16:01 Aziz wrote: > Hi All, > > Thank you Roy, this is working now as expected, however, I think the Edit > button, should be removed for this user, there is no need to display the > edit button if the user cannot use it to perform any operation, am

[ovirt-users] Re: Preventing users to see other VMs

2018-05-16 Thread Aziz
Hi All, Thank you Roy, this is working now as expected, however, I think the Edit button, should be removed for this user, there is no need to display the edit button if the user cannot use it to perform any operation, am I missing something ? Best regards On Wed, May 16, 2018 at 9:12 AM,

[ovirt-users] Re: Preventing users to see other VMs

2018-05-16 Thread Peter Hudec
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have found 2 related bug, a little bit older https://bugzilla.redhat.com/show_bug.cgi?id=1209505 https://bugzilla.redhat.com/show_bug.cgi?id=1225274 But these are related only to DiskProfile. I haven't found any work about 'Everyone' group in

[ovirt-users] Re: Preventing users to see other VMs

2018-05-15 Thread Peter Hudec
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I'm fancing the same problem. The steps are - - create user /tester/ using the ovirt-aaa-jdbc-tool - - login as admin into admin portal - - add tester user in Administation -> Users - - choose one VM and add UserRole role - - login as testr

[ovirt-users] Re: Preventing users to see other VMs

2018-05-15 Thread Roy Golan
On Tue, 15 May 2018 at 21:47 Aziz wrote: > Hi Roy, > > Thanks for your feedback, I'm unable to remove the user from the cluster, > I used the command "ovirt-aaa-jdbc-tool user add" to add the new user, > and it seems that by default it took all permissions over the cluster.

[ovirt-users] Re: Preventing users to see other VMs

2018-05-15 Thread Aziz
Hi Roy, Thanks for your feedback, I'm unable to remove the user from the cluster, I used the command "ovirt-aaa-jdbc-tool user add" to add the new user, and it seems that by default it took all permissions over the cluster. Is there any document describing this feature in details ? Thanks On

[ovirt-users] Re: Preventing users to see other VMs

2018-05-15 Thread Roy Golan
1. Make sure your users use the VM portal 2. Assign permission on VM to a certain user to make sure it apears in the portal. The Role should be VmOperator afaik. Permission set on objects higher in the hierarchy are cascading, i.e a user with permission on a cluster would have the permission on