Hi oVirt community,

I'm playing with a multitenant use-case in oVirt 3.4.6... My setup is as 
follows:
- I have two working Data Centers (DC1 and DC2)
- I created two additional users DC1-admin and DC2-admin
- In DC1 permission settings I've added DC1-admin as a user with a built-in 
DataCenterAdmin Role.
- In DC2 permission settings I've added DC2-admin as a user with a built-in 
DataCenterAdmin Role.

Now in terms of permissions all is good: DC1-admin is not able to modify 
anything in DC2 and DC2-admin is not able to modify anything in DC1.

However, in both the Admin Portal and the VM Portal DC1-admin and DC2-admin can 
still see all other datacenter resources.
My expectation was that if I log in to the Admin Portal as e.g. DC2-admin I will 
only see DC2 datacenter in the GUI and nothing else. Same with VM Portal. I 
played with different user settings but I couldn't make it work...

I think the problem is that whatever user you create, it will always belong to 
the built-in "everyone" group and inherit permission to see everything in the 
portal.
Is it possible to achieve a scenario where e.g. DC2-admin will log in to the 
Admin Portal and only see resources that belong to DC2 and nothing else?

Thanks,
Michal


_______________________________________________
Users mailing list -- users@ovirt.org
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/KF6PN6WBHPMQ5YKUNI7PU7MSEMIOOXSA/