Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-02-01 Thread Itamar Heim

On 01/29/2015 05:20 PM, Donny Davis wrote:

You are assigning permissions at too high of a level.

Set the following permissions for users to be able to only see what they create

Add a new set of permissions in the config menu


Login to system
Create instance
Attach to storage domains


giving PowerUserRole at DC level is fastest/simplest way.
if you need lower granularity than that, you need to give the
PowerUserRole for specific clusters / storage domains / (networks?)

(at the more granular level you can use
DiskCreator/VmCreator(/VnicProfileUser?), but just using PowerUserRole
is simplest.)




Then assign that permission at the datacenter level, or even better the cluster 
level

And add permissions as needed

I will get you some screen shots when I get home



On Jan 29, 2015 7:13 AM, Yaniv Dary  wrote:


WebAdmin is for admin and has permissions to see anything in the system.
For power users please use the power user portal.

On 01/29/2015 10:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already
without any major interruptions. Last week I tied it to freeipa, to be
able to give permissions to other people, but so far no success
because of the following problem:

All users can see all VMs. I tried clearing all permission entries
(leaving the admin only) and then re-adding and it didn't help at all.

I am attaching a few screenshots to better describe:

Most of the VMs have no permissions attached to them, but they are
still visible to everyone that logs in from the userpanel
What am I doing wrong?

Regards,


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users


--
Yaniv Dary
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109

Tel : +972 (9) 7692306
8272306
Email: yd...@redhat.com
IRC : ydary



Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Oved Ourfali

On Jan 29, 2015 8:32 PM, Gianluca Cecchi  wrote:
>
> On Thu, Jan 29, 2015 at 6:13 PM, Oved Ourfali  wrote:
>>
>>
>> On Jan 29, 2015 7:00 PM, Gianluca Cecchi  wrote:
>> >
>> >
>> > On 29 Jan 2015 15:13, "Yaniv Dary" wrote:
>> > >
>> > > WebAdmin is for admin and has permissions to see anything in the system.
>> > > For power users please use the power user portal
>> >
>> > Power user portal doesn't exist any more or did I miss anything?
>>
>> We have the webadmin and the user portal. If you have permissions like power user role, then when you login to the user portal you have access to a different view which is the power user portal.
>
> BTW: I'm not the one who opened the thread
>
> In fact. Power user portal was used in RHEV 2.2 time..
> If I give power user role to a vm for a user, then when the user (included admin@internal) open user portal, he can see the vm and work with it...
>
But power user role on the DC for example, should give you permissions to access the power user portal, in which you can create VMs
> Gianluca



Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Gianluca Cecchi
On Thu, Jan 29, 2015 at 6:13 PM, Oved Ourfali  wrote:

>
> On Jan 29, 2015 7:00 PM, Gianluca Cecchi 
> wrote:
> >
> >
> > On 29 Jan 2015 15:13, "Yaniv Dary" wrote:
> > >
> > > WebAdmin is for admin and has permissions to see anything in the
> system.
> > > For power users please use the power user portal
> >
> > Power user portal doesn't exist any more or did I miss anything?
>
> We have the webadmin and the user portal. If you have permissions like
> power user role, then when you login to the user portal you have access to
> a different view which is the power user portal.
>
BTW: I'm not the one who opened the thread

In fact. Power user portal was used in RHEV 2.2 time..
If I give power user role to a vm for a user, then when the user (included
admin@internal) open user portal, he can see the vm and work with it...

Gianluca


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Oved Ourfali

On Jan 29, 2015 7:00 PM, Gianluca Cecchi  wrote:
>
>
> On 29 Jan 2015 15:13, "Yaniv Dary" wrote:
> >
> > WebAdmin is for admin and has permissions to see anything in the system.
> > For power users please use the power user portal
>
> Power user portal doesn't exist any more or did I miss anything?
We have the webadmin and the user portal. If you have permissions like power user role, then when you login to the user portal you have access to a different view which is the power user portal. 


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Gianluca Cecchi
On 29 Jan 2015 15:13, "Yaniv Dary" wrote:
>
> WebAdmin is for admin and has permissions to see anything in the system.
> For power users please use the power user portal

Power user portal doesn't exist any more or did I miss anything?


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Donny Davis
Setting that login permission at the system level is why they can see
everything even if they can't control it. Copy the user permission role and
remove all the permissions except login to system (the last box under login),
create instance, and attach to storage domains.

Then add it to the datacenter permission set 

On Jan 29, 2015 2:02 AM, Ondra Machacek  wrote:
>
> If you add for example 'UserRole' on VM, then your user should login to 
> UserPortal without any problem and see his VM.
>
> On 01/29/2015 09:58 AM, Nikolai Bochev wrote:
> > Ok, but if I don't add "System" permissions to a user with "UserRole"
> > they cannot login at all ?
> >
> > On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek wrote:
> >
> >
> >
> > On 01/29/2015 09:35 AM, Nikolai Bochev wrote:
> >
> > Hello,
> >
> > I've been running ovirt hosted engine for around a month already
> > without any major interruptions. Last week I tied it to freeipa, to be
> > able to give permissions to other people, but so far no success because
> > of the following problem:
> >
> > All users can see all VMs. I tried clearing all permission entries
> > (leaving the admin only) and then re-adding and it didn't help at all.
> >
> > I am attaching a few screenshots to better describe:
> >
> > The problem is that you are assigning system permissions.
> > If you assign system permissions you have permission to the whole system.
> >
> > If you want to assign a permission to a user on a specific VM (or object),
> > you have to select the object, then click 'permissions' subtab, then
> > click 'add', then find your user and choose the role for him.
> >
> > Most of the VMs have no permissions attached to them, but they are
> > still visible to everyone that logs in from the userpanel
> > What am I doing wrong?
> >
> > Regards,
> >
> >


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Donny Davis
You are assigning permissions at too high of a level.

Set the following permissions for users to be able to only see what they create 

Add a new set of permissions in the config menu


Login to system
Create instance
Attach to storage domains

Then assign that permission at the datacenter level, or even better the cluster 
level

And add permissions as needed

I will get you some screen shots when I get home



On Jan 29, 2015 7:13 AM, Yaniv Dary  wrote:
>
> WebAdmin is for admin and has permissions to see anything in the system.
> For power users please use the power user portal.
>
> On 01/29/2015 10:35 AM, Nikolai Bochev wrote:
> > Hello,
> >
> > I've been running ovirt hosted engine for around a month already
> > without any major interruptions. Last week I tied it to freeipa, to be
> > able to give permissions to other people, but so far no success
> > because of the following problem:
> >
> > All users can see all VMs. I tried clearing all permission entries
> > (leaving the admin only) and then re-adding and it didn't help at all.
> >
> > I am attaching a few screenshots to better describe:
> >
> > Most of the VMs have no permissions attached to them, but they are
> > still visible to everyone that logs in from the userpanel
> > What am I doing wrong?
> >
> > Regards,
> >
> >
>
> -- 
> Yaniv Dary
> Red Hat Israel Ltd.
> 34 Jerusalem Road
> Building A, 4th floor
> Ra'anana, Israel 4350109
>
> Tel : +972 (9) 7692306
> 8272306
> Email: yd...@redhat.com
> IRC : ydary
>


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Yaniv Dary

WebAdmin is for admin and has permissions to see anything in the system.
For power users please use the power user portal.


On 01/29/2015 10:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already
without any major interruptions. Last week I tied it to freeipa, to be
able to give permissions to other people, but so far no success
because of the following problem:

All users can see all VMs. I tried clearing all permission entries
(leaving the admin only) and then re-adding and it didn't help at all.

I am attaching a few screenshots to better describe:

Most of the VMs have no permissions attached to them, but they are
still visible to everyone that logs in from the userpanel

What am I doing wrong?

Regards,




--
Yaniv Dary
Red Hat Israel Ltd.
34 Jerusalem Road
Building A, 4th floor
Ra'anana, Israel 4350109

Tel : +972 (9) 7692306
8272306
Email: yd...@redhat.com
IRC : ydary



Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek
If you add for example 'UserRole' on VM, then your user should login to 
UserPortal without any problem and see his VM.


On 01/29/2015 09:58 AM, Nikolai Bochev wrote:

Ok, but if I don't add "System" permissions to a user with "UserRole"
they cannot login at all ?

On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek <omach...@redhat.com> wrote:



On 01/29/2015 09:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already
without any major interruptions. Last week I tied it to freeipa, to be
able to give permissions to other people, but so far no success because
of the following problem:

All users can see all VMs. I tried clearing all permission entries
(leaving the admin only) and then re-adding and it didn't help at all.

I am attaching a few screenshots to better describe:

The problem is that you are assigning system permissions.
If you assign system permissions you have permission to the whole system.

If you want to assign a permission to a user on a specific VM (or object),
you have to select the object, then click 'permissions' subtab, then
click 'add', then find your user and choose the role for him.

Most of the VMs have no permissions attached to them, but they are
still visible to everyone that logs in from the userpanel
What am I doing wrong?

Regards,




Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Nikolai Bochev
Ok, but if I don't add "System" permissions to a user with "UserRole" they
cannot login at all ?

On Thu, Jan 29, 2015 at 10:56 AM, Ondra Machacek 
wrote:

>
>
> On 01/29/2015 09:35 AM, Nikolai Bochev wrote:
>
>> Hello,
>>
>> I've been running ovirt hosted engine for around a month already without
>> any major interruptions. Last week I tied it to freeipa, to be able to
>> give permissions to other people, but so far no success because of the
>> following problem:
>>
>> All users can see all VMs. I tried clearing all permission entries
>> (leaving the admin only) and then re-adding and it didn't help at all.
>>
>> I am attaching a few screenshots to better describe:
>>
> The problem is that you are assigning system permissions.
> If you assign system permissions you have permission to the whole system.
>
> If you want to assign a permission to a user on a specific VM (or object),
> you have to select the object, then click 'permissions' subtab, then click
> 'add', then find your user and choose the role for him.
>
>> Most of the VMs have no permissions attached to them, but they are
>> still visible to everyone that logs in from the userpanel
>> What am I doing wrong?
>>
>> Regards,
>>
>>


Re: [ovirt-users] oVirt 3.5.1 user permissions

2015-01-29 Thread Ondra Machacek



On 01/29/2015 09:35 AM, Nikolai Bochev wrote:

Hello,

I've been running ovirt hosted engine for around a month already without
any major interruptions. Last week I tied it to freeipa, to be able to
give permissions to other people, but so far no success because of the
following problem:

All users can see all VMs. I tried clearing all permission entries
(leaving the admin only) and then re-adding and it didn't help at all.

I am attaching a few screenshots to better describe:

The problem is that you are assigning system permissions.
If you assign system permissions you have permission to the whole system.

If you want to assign a permission to a user on a specific VM (or object),
you have to select the object, then click 'permissions' subtab, then
click 'add', then find your user and choose the role for him.

Most of the VMs have no permissions attached to them, but they are
still visible to everyone that logs in from the userpanel
What am I doing wrong?

Regards,


___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
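
The scoping behaviour discussed in this thread, as an added example that is not part of any post and is not oVirt code: a simplified Python model in which a role granted on an object applies to everything beneath it, so a grant on System exposes every VM. UserRole and PowerUserRole are the roles named in the thread; the hierarchy, users, VM names and the admin grant are constructed sample data.

```python
# Simplified model of scope inheritance (added example, not oVirt engine code).
# Object names and users below are constructed sample data.

# child -> parent; "System" is the root of the hierarchy.
PARENT = {
    "dc1": "System",
    "cluster-a": "dc1",
    "cluster-b": "dc1",
    "vm-web": "cluster-a",
    "vm-db": "cluster-a",
    "vm-build": "cluster-b",
}
VMS = {"vm-web", "vm-db", "vm-build"}


def ancestors(obj):
    """Yield obj and every object above it, ending at System."""
    while obj is not None:
        yield obj
        obj = PARENT.get(obj)


def visible_vms(user, grants):
    """VMs the user can see: a grant on an object covers everything below it."""
    scopes = {obj for (who, _role, obj) in grants if who == user}
    return {vm for vm in VMS if scopes & set(ancestors(vm))}


def system_scope_grants(grants, admins):
    """Audit check: grants made on System to anyone who is not an administrator."""
    return [g for g in grants if g[2] == "System" and g[0] not in admins]


# Before: UserRole assigned on System, as in the original report.
before = [("admin", "SuperUser", "System"), ("alice", "UserRole", "System")]
# After: UserRole on one VM for alice, PowerUserRole on one cluster for bob.
after = [
    ("admin", "SuperUser", "System"),
    ("alice", "UserRole", "vm-web"),
    ("bob", "PowerUserRole", "cluster-b"),
]

if __name__ == "__main__":
    print(sorted(visible_vms("alice", before)))   # every VM
    print(sorted(visible_vms("alice", after)))    # only vm-web
    print(system_scope_grants(before, {"admin"}))
```

The model covers only downward inheritance of a grant; it does not model what each role permits or ownership of objects a user creates.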