Correct, each user has their own VMs. Only a few share VMs (those permissions are assigned manually).
The issue is that when they have 0 VMs assigned to them, the system throws the login error that they're not authorized, at least until I add a placeholder VM so they can log in and set themselves up.

On Tue, Jun 30, 2015 at 3:09 PM, Donny Davis <[email protected]> wrote:

> You are looking for this to look like it's multi-tenant?
>
> I set up CloudSpin to do exactly that. Each user can only see their own
> VMs.
> Do I have your question correct?
>
> Donny D
> On Jun 30, 2015 5:27 PM, "David Smith" <[email protected]> wrote:
>
>> version 3.5.2-1.el6
>> using ldap authz; this piece is working OK, and verified OK.
>>
>> I use the "Everyone" user to provide default permissions; that includes
>> PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some
>> VnicProfileUser, DiskProfileUser, etc.
>>
>> I add a new user in LDAP, and verify LDAP credentials work (i.e., log in to
>> another system that uses the same ldap server).
>> LDAP confirmed working for *other* ovirt users -- not an LDAP issue as far
>> as I can tell.
>>
>> I do *not* specifically add each LDAP user to oVirt; they're added to
>> "groups" in LDAP, so if they have the right group, they should be able to
>> authenticate to oVirt and use the system without me adding each user
>> individually.
>>
>> In any case the narrowed down problem is this:
>> If the user doesn't have permissions (UserRole, etc) for *any* VMs,
>> instead of logging in and getting a blank VM list, they get "User is not
>> authorized to perform this action."
>>
>> If I add that specific user to a test placeholder VM, they can log in.
>> Once they have a VM created, I can erase their user-specific permissions to
>> that initial test VM and everything works as expected. They are able to log
>> in, create VMs, etc.
>>
>> If I remove all permissions for VMs from a user, they get this error.
>>
>> Expected behavior:
>> User without any permissions to any VMs should simply get a blank VM list
>> on login.
>> That way they can create a VM and go from there.
>>
>> Thanks for any help/suggestions,
>> David
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> http://lists.ovirt.org/mailman/listinfo/users
>>

