I figured it out. I was using Configure -> System Permissions to add my users and assign them to roles. Removing the users from there and adding them under the Permissions tab on the actual object did what I wanted it to.
On Wed, May 7, 2014 at 10:14 AM, Jeff Clay <[email protected]> wrote:

> Thanks, that clarifies quite a bit. The permissions are being applied to
> "System" for the regular UserRole, but I don't see where to define what
> objects the roles are assigned to.
>
> On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <[email protected]> wrote:
>
>> Hi Jeff
>>
>> Roles determine two things:
>> 1. What the user can see
>> 2. What the user can do
>>
>> It is important to know on who is the user, what is the role (UserRole?
>> as you also mentioned SuperUser?) and on what object(s) was the role
>> granted on.
>> Assuming it is UserRole, on a specific user, then:
>> If on a VM, then the user can see/operate on this VM.
>> If on a Cluster, then the user can see/operate on all the VMs in this
>> cluster.
>> If on a DC, then the user can see/operate on all the VMs in clusters that
>> are part of this DC.
>> If on System, then the user can see/operate on all the VMs in the system.
>>
>> So the hierarchy is System-->DC-->Cluster-->VM.
>> I hope this clarifies your question.
>>
>> Regards,
>> Oved
>>
>> ----- Original Message -----
>> > From: "Jeff Clay" <[email protected]>
>> > To: [email protected]
>> > Sent: Monday, May 5, 2014 10:31:53 PM
>> > Subject: [ovirt-users] user portal permissions
>> >
>> > For some reason, when logged in as a user with a modified copy role of
>> > UserRole (only has login permission and VM -> Basic Operations -> Remote
>> > Log In permission) the user can see all of the VM's and has the ability
>> > to open a console, start, shutdown or suspend any of the VM's. I have
>> > verified that all of the VM's only show the SuperUser role in their
>> > permissions. I went through all of the roles and verified that the user
>> > is only a member of the Copy_of_UserRole. The only thing I can think of
>> > is that the user is inheriting permissions from something, but I can't
>> > find what it is or where.
>> > Any suggestions?
>> >
>> > Thanks.
>> >
>> > _______________________________________________
>> > Users mailing list
>> > [email protected]
>> > http://lists.ovirt.org/mailman/listinfo/users
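The inheritance described in the thread (System-->DC-->Cluster-->VM) as a small Python model, showing why a role granted on System exposes every VM while the same role granted on one VM does not. This is an added example, not part of the original thread and not oVirt code; the object names, user and grants are constructed, and the model ignores which actions each role permits.

```python
# Simplified model of permission inheritance (assumption: not the oVirt API).
# Object names, the user and the grants below are constructed sample data.

# child -> parent, following System --> DC --> Cluster --> VM
PARENT = {
    "dc1": "System",
    "cluster1": "dc1",
    "cluster2": "dc1",
    "vm-web": "cluster1",
    "vm-db": "cluster1",
    "vm-build": "cluster2",
}
VMS = ["vm-web", "vm-db", "vm-build"]


def scope_chain(obj):
    """Return obj followed by each ancestor up to System."""
    chain = [obj]
    while chain[-1] in PARENT:
        chain.append(PARENT[chain[-1]])
    return chain


def visible_vms(user, grants):
    """VMs the user can see/operate on, given (user, role, object) grants."""
    granted_on = {obj for u, _role, obj in grants if u == user}
    return [vm for vm in VMS if granted_on & set(scope_chain(vm))]


def overly_broad(grants, max_vms=1):
    """Flag grants whose scope covers more than max_vms VMs."""
    findings = []
    for user, role, obj in grants:
        covered = [vm for vm in VMS if obj in scope_chain(vm)]
        if len(covered) > max_vms:
            findings.append((user, role, obj, len(covered)))
    return findings


# Role granted on System, the situation in the original report.
system_grant = [("user1", "Copy_of_UserRole", "System")]
# Same role granted on the VM object's own Permissions tab.
vm_grant = [("user1", "Copy_of_UserRole", "vm-web")]

if __name__ == "__main__":
    print(visible_vms("user1", system_grant))
    print(visible_vms("user1", vm_grant))
    print(overly_broad(system_grant + vm_grant))
```
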

