----- Original Message ----- > From: "Itamar Heim" <ih...@redhat.com> > To: "Sven Kieske" <s.kie...@mittwald.de>, "Users@ovirt.org List" > <Users@ovirt.org>, "Yair Zaslavsky" > <yzasl...@redhat.com> > Sent: Wednesday, March 26, 2014 12:46:28 PM > Subject: Re: [Users] API read-only access / roles > > On 03/26/2014 06:39 AM, Sven Kieske wrote: > > > > > > Am 26.03.2014 11:21, schrieb Itamar Heim: > >> On 03/26/2014 06:16 AM, Sven Kieske wrote: > >>> Hi, > >>> > >>> as we now have setup ldap, now the question which > >>> never got answered in the first place: > >>> > >>> 1. > >>> which rights do I need for read only access? > >>> > >>> as stated in BZ just login rights won't suffice. > >> > >> an admin role with login? why not? > >> i thought we even pre-created such a default read only role by now: > >> Bug 1038222 - [RFE] Read Only Admin role in AP > >> > >> (and you can create one yourself in 3.3 as well iirc) > >> > > What would happen if I create this user myself > > and I want to upgrade to 3.4 somewhere in time? > > > > My guess would be the upgrade would fail if this > > user gets added automatically, because it is already > > there? > > > > its not a user. its a system defined role. > you can create a user defined role (with a different name) > you should do this via the GUI in 3.3, not via the db (then the uuid > will be different as well, and no upgrade issues)
Regarding your upgrade question - I would like to add that although we have a hard-coded internal admin user, your "read only" user (that is, a user you assigned the role you created) is not a hard coded one. I don't think we will go for a strategy of adding another "hardcoded" user for read only , so you should not have upgrade issues. > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users