Re: [ovirt-users] Users seeing all vm's

2014-06-12 Thread Jeff Clay
It sounds like you're adding the permissions to ovirt through the "Users"
tab on the top right. That's the same thing I did at first. However, the
user's tab is not where you manage all settings for users. It's a bit
counterintuitive. When you add a user in that tab, it adds them to the
"system" object and not to a particular VM or pool, which is why the user
has more than desired permissions. What you need to do is remove the users
or groups from the "Users" tab and add them to the specific pool or VM by
selecting the pool, then select the "permissions" sub-tab and then select
"add". This will grant the permissions to only that specific resource.
On Jun 12, 2014 3:08 AM, "Itamar Heim"  wrote:

> On 06/06/2014 05:52 AM, Artur Sarkisyan wrote:
>
>> Thanks for the reply, I have an IPA server for authentication. I am trying
>> some scenarios, but I would like to setup pools of vm's for users,
>> actually one pool for one user.
>>
>
> why one pool for one user?
> a pool allows you to give multiple users access to it, and, specify how
> many VMs each user can get from the pool.
>
>
>> Kind regards,
>> Artur
>>
>>
>> On Thu, Jun 5, 2014 at 8:30 PM, Jeff Clay wrote:
>>
>> Yes, I have resolved this issue. It was due to my lack of
>> understanding in how Ovirt expected things to be configured and
>> setup. Are you using active directory for authentication and setting
>> up pools of vm's for users to access?
>>
>>
>> On Thu, Jun 5, 2014 at 1:10 PM, Artur Sarkisyan wrote:
>>
>> Hi Jeff,
>>
>> I would like to know if you have resolved this issue?
>>
>> At this moment I'm building a poc and I have the same problem
>> like yours:
>> All users can see all vm's. Do you have some suggestions for me?
>>
>> Thanks in advance.
>>
>>
>> Kind regards,
>> Artur
>>
>>
>> On Tue, May 6, 2014 at 10:32 PM, Jeff Clay wrote:
>>
>> For some reason, when logged in as a user with a modified copy role of
>> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
>> In permission) the user can see all of the VM's and has the ability to open
>> a console, start, shutdown or suspend any of the VM's. I have verified that
>> all of the VM's only show the SuperUser role in their permissions. I went
>> through all of the roles and verified that the user is only a member of the
>> Copy_of_UserRole. The only thing I can think of is that the user is
>> inheriting permissions from something, but I can't find what it is or
>> where. Any suggestions?
>>
>> Thanks.
>>
>> ___
>> Users mailing list
>> Users@ovirt.org 
>> http://lists.ovirt.org/mailman/listinfo/users


Re: [ovirt-users] Users seeing all vm's

2014-06-12 Thread Itamar Heim

On 06/06/2014 05:52 AM, Artur Sarkisyan wrote:

> Thanks for the reply, I have an IPA server for authentication. I am trying
> some scenarios, but I would like to setup pools of vm's for users,
> actually one pool for one user.

why one pool for one user?
a pool allows you to give multiple users access to it, and, specify how
many VMs each user can get from the pool.

> Kind regards,
> Artur
>
> On Thu, Jun 5, 2014 at 8:30 PM, Jeff Clay <jeffc...@gmail.com> wrote:
>
> Yes, I have resolved this issue. It was due to my lack of
> understanding in how Ovirt expected things to be configured and
> setup. Are you using active directory for authentication and setting
> up pools of vm's for users to access?
>
> On Thu, Jun 5, 2014 at 1:10 PM, Artur Sarkisyan <s.ar...@gmail.com> wrote:
>
> Hi Jeff,
>
> I would like to know if you have resolved this issue?
>
> At this moment I'm building a poc and I have the same problem
> like yours:
> All users can see all vm's. Do you have some suggestions for me?
>
> Thanks in advance.
>
> Kind regards,
> Artur
>
> On Tue, May 6, 2014 at 10:32 PM, Jeff Clay <jeffc...@gmail.com> wrote:
>
> For some reason, when logged in as a user with a modified copy role of
> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
> In permission) the user can see all of the VM's and has the ability to open
> a console, start, shutdown or suspend any of the VM's. I have verified that
> all of the VM's only show the SuperUser role in their permissions. I went
> through all of the roles and verified that the user is only a member of the
> Copy_of_UserRole. The only thing I can think of is that the user is
> inheriting permissions from something, but I can't find what it is or
> where. Any suggestions?
>
> Thanks.



Re: [ovirt-users] Users seeing all vm's

2014-06-06 Thread Artur Sarkisyan
Thanks for the reply, I have an IPA server for authentication. I am trying
some scenarios, but I would like to setup pools of vm's for users, actually
one pool for one user.

Kind regards,
Artur


On Thu, Jun 5, 2014 at 8:30 PM, Jeff Clay  wrote:

> Yes, I have resolved this issue. It was due to my lack of understanding in
> how Ovirt expected things to be configured and setup. Are you using active
> directory for authentication and setting up pools of vm's for users to
> access?
>
>
> On Thu, Jun 5, 2014 at 1:10 PM, Artur Sarkisyan  wrote:
>
>> Hi Jeff,
>>
>> I would like to know if you have resolved this issue?
>>
>> At this moment I'm building a poc and I have the same problem like yours:
>> All users can see all vm's. Do you have some suggestions for me?
>>
>> Thanks in advance.
>>
>>
>> Kind regards,
>> Artur
>>
>>
>> On Tue, May 6, 2014 at 10:32 PM, Jeff Clay  wrote:
>>
>>> For some reason, when logged in as a user with a modified copy role of
>>> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
>>> In permission) the user can see all of the VM's and has the ability to open
>>> a console, start, shutdown or suspend any of the VM's. I have verified that
>>> all of the VM's only show the SuperUser role in their permissions. I went
>>> through all of the roles and verified that the user is only a member of the
>>> Copy_of_UserRole. The only thing I can think of is that the user is
>>> inheriting permissions from something, but I can't find what it is or
>>> where. Any suggestions?
>>>
>>> Thanks.


Re: [ovirt-users] Users seeing all vm's

2014-06-05 Thread Jeff Clay
Yes, I have resolved this issue. It was due to my lack of understanding in
how Ovirt expected things to be configured and setup. Are you using active
directory for authentication and setting up pools of vm's for users to
access?


On Thu, Jun 5, 2014 at 1:10 PM, Artur Sarkisyan  wrote:

> Hi Jeff,
>
> I would like to know if you have resolved this issue?
>
> At this moment I'm building a poc and I have the same problem like yours:
> All users can see all vm's. Do you have some suggestions for me?
>
> Thanks in advance.
>
>
> Kind regards,
> Artur
>
>
> On Tue, May 6, 2014 at 10:32 PM, Jeff Clay  wrote:
>
>> For some reason, when logged in as a user with a modified copy role of
>> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
>> In permission) the user can see all of the VM's and has the ability to open
>> a console, start, shutdown or suspend any of the VM's. I have verified that
>> all of the VM's only show the SuperUser role in their permissions. I went
>> through all of the roles and verified that the user is only a member of the
>> Copy_of_UserRole. The only thing I can think of is that the user is
>> inheriting permissions from something, but I can't find what it is or
>> where. Any suggestions?
>>
>> Thanks.


Re: [ovirt-users] Users seeing all vm's

2014-05-06 Thread Einav Cohen
Hi Jeff, 

* I assume that we are talking about the User Portal, 
not the web-admin (to which the user cannot even log 
into, according to the permissions that you specified). 

* a permission is a triplet of role, user and object. 
according to what you are saying, the user's permission is: 
- role: Copy_of_UserRole [contains "Remote Log" only (???)]
- user: user
- object: ??? 

what is the object with which the user's permission 
is associated? I suspect it is "System", which would 
explain why the user sees all of the VMs in his user-
portal (permissions inheritance, as you suspected: all 
VMs are "descendants" of "System", therefore permissions 
on "System" are propagated to the VMs within the system)

* are there any additional permissions for this user? a 
screen-shot of the user's "Permissions" sub-tab in the 
User's main tab in the web-admin would be helpful. 

* does the user belong to any group that has permissions 
on the system? if so, this user could be inheriting these 
permissions from that group. 

* are you sure that the "Copy_of_UserRole" role contains 
only the "Remote Log" action? if not - that can explain 
why the user is able to perform actions on the VMs other 
than "Remote Log". 


Thanks,
Einav



----- Original Message -----
> From: "Jeff Clay" 
> To: users@ovirt.org
> Sent: Tuesday, May 6, 2014 4:32:28 PM
> Subject: [ovirt-users] Users seeing all vm's
> 
> For some reason, when logged in as a user with a modified copy role of
> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
> In permission) the user can see all of the VM's and has the ability to open
> a console, start, shutdown or suspend any of the VM's. I have verified that
> all of the VM's only show the SuperUser role in their permissions. I went
> through all of the roles and verified that the user is only a member of the
> Copy_of_UserRole. The only thing I can think of is that the user is
> inheriting permissions from something, but I can't find what it is or
> where. Any suggestions?
> 
> Thanks.
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
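
The permission model discussed in this thread (a permission is a triplet of role, user and object, and permissions on "System" propagate down to every VM), as an added example that is not part of the original messages or of oVirt's own code. It is a small Python model that answers "which permission is giving this user access to this VM?"; the object tree, user and group names, and the role action names are constructed for illustration.

```python
# Constructed object tree (child -> parent); "System" is the root of everything.
PARENT = {"dc1": "System", "cluster1": "dc1",
          "vm-a": "cluster1", "vm-b": "cluster1", "vm-c": "cluster1"}
VMS = ["vm-a", "vm-b", "vm-c"]

# Constructed directory groups and role contents (action names are illustrative).
GROUPS = {"alice": {"staff"}, "bob": set()}
ROLES = {"Copy_of_UserRole": {"login", "remote_log_in"},
         "UserRole": {"login", "remote_log_in", "vm_basic_operations"}}

# A permission is a triplet: (role, user or group, object).
PERMISSIONS = [
    ("Copy_of_UserRole", "alice", "System"),  # the "Users" tab case from the thread
    ("UserRole", "staff", "cluster1"),        # reaches alice through her group
    ("Copy_of_UserRole", "bob", "vm-a"),      # scoped to one VM
]

def ancestors(obj):
    """Return obj followed by each ancestor up to the root."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = PARENT.get(obj)
    return chain

def explain_access(user, obj, permissions=PERMISSIONS):
    """List every triplet that reaches `user` on `obj`: direct, via a group,
    or inherited from an ancestor object."""
    principals = {user} | GROUPS.get(user, set())
    chain = ancestors(obj)
    return [p for p in permissions if p[1] in principals and p[2] in chain]

def visible_vms(user, permissions=PERMISSIONS):
    """VMs on which the user holds at least one permission."""
    return [vm for vm in VMS if explain_access(user, vm, permissions)]

def effective_actions(user, obj, permissions=PERMISSIONS):
    """Union of the actions of every role that reaches the user on obj."""
    actions = set()
    for role, _, _ in explain_access(user, obj, permissions):
        actions |= ROLES[role]
    return actions

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for vm in visible_vms(user):
            print(user, vm, explain_access(user, vm))
```

Passing a permission list in which alice's triplet names a single VM instead of "System" shows the effect of the fix described in the thread: only that VM remains visible to her.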


[ovirt-users] Users seeing all vm's

2014-05-06 Thread Jeff Clay
For some reason, when logged in as a user with a modified copy role of
UserRole (only has login permission and VM -> Basic Operations -> Remote Log
In permission) the user can see all of the VM's and has the ability to open
a console, start, shutdown or suspend any of the VM's. I have verified that
all of the VM's only show the SuperUser role in their permissions. I went
through all of the roles and verified that the user is only a member of the
Copy_of_UserRole. The only thing I can think of is that the user is
inheriting permissions from something, but I can't find what it is or
where. Any suggestions?

Thanks.