You are looking for this to look like it's multi-tenant? I set up CloudSpin to do exactly that. Each user can only see their own VMs. Do I have your question correct?

Donny D

On Jun 30, 2015 5:27 PM, "David Smith" <[email protected]> wrote:

> version 3.5.2-1.el6
> using ldap authz; this piece is working OK, and verified OK.
>
> I use the "Everyone" user to provide default permissions; that includes
> PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some
> VnicProfileUser, DiskProfileUser, etc.
>
> I add a new user in LDAP; and verify LDAP credentials work (ie, log in to
> another system that uses the same ldap server)
> LDAP confirmed working for *other* ovirt users-- not an LDAP issue as far
> as I can tell.
>
> I do *not* specifically add each LDAP user to oVirt, they're added to
> "groups" in LDAP, so if they have the right group, they should be able to
> authenticate to oVirt and use the system without me adding each user
> individually.
>
> In any case the narrowed down problem is this:
> If the user doesn't have permissions (UserRole, etc) for *any* VMs,
> instead of logging in and getting a blank VM list, they get "User is not
> authorized to perform this action."
>
> If I add that specific user to a test placeholder VM, they can log in.
> Once they have a VM created, I can erase their user-specific permissions to
> that initial test VM and everything works as expected. They are able to log
> in, create VMs, etc.
>
> If I remove all permissions for VMs from a user, they get this error.
>
> Expected behavior:
> User without any permissions to any VMs should simply get a blank VM list
> on login. That way they can create a VM and go from there.
>
> Thanks for any help/suggestions,
> David
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/users

