http://lists.ovirt.org/pipermail/users/2015-January/030981.html On Jun 30, 2015 6:16 PM, "Donny Davis" <[email protected]> wrote:
> Add login permissions only at the data center for the group. This allows > them to login, but not view anything. You have to create custom permission > to do what you are looking for. > On Jun 30, 2015 6:13 PM, "David Smith" <[email protected]> wrote: > >> Correct, each user has their own VMs. Only a few share VMs (those >> permissions are assigned manually) >> >> The issue is that when they have 0 VMs assigned to them, the system >> throws the login error that they're not authorized, at least until I add a >> placeholder VM so they can log in and set themselves up. >> >> >> On Tue, Jun 30, 2015 at 3:09 PM, Donny Davis <[email protected]> wrote: >> >>> You are looking for this to look like its multi tenant? >>> >>> I setup CloudSpin to do exactly that. Each user can only see their own >>> VMS. >>> Do I have your question correct? >>> >>> Donny D >>> On Jun 30, 2015 5:27 PM, "David Smith" <[email protected]> wrote: >>> >>>> version 3.5.2-1.el6 >>>> using ldap authz; this piece is working OK, and verified OK. >>>> >>>> I use the "Everyone" user to provide default permissions; that includes >>>> PowerUserRole for the data center, a bunch of usertemplatebasedVMs, some >>>> VnicProfileUser, DiskProfileUser, etc. >>>> >>>> I add a new user in LDAP; and verify LDAP credentials work (ie, log in >>>> to another system that uses the same ldap server) >>>> LDAP confirmed working for *other* ovirt users-- not an LDAP issue as >>>> far as I can tell. >>>> >>>> I do *not* specifically add each LDAP user to oVirt, they're added to >>>> "groups" in LDAP, so if they have the right group, they should be able to >>>> authenticate to oVirt and use the system without me adding each user >>>> individually. >>>> >>>> In any case the narrowed down problem is this: >>>> If the user doesn't have permissions (UserRole, etc) for *any* VMs, >>>> instead of logging in and getting a blank VM list, they get "User is not >>>> authorized to perform this action." >>>> >>>> If I add that specific user to a test placeholder VM, they can log in. >>>> Once they have a VM created, I can erase their user-specific permissions to >>>> that initial test VM and everything works as expected. They are able to log >>>> in, create VMs, etc. >>>> >>>> If I remove all permissions for VMs from a user, they get this error. >>>> >>>> Expected behavior: >>>> User without any permissions to any VMs should simply get a blank VM >>>> list on login. That way they can create a VM and go from there. >>>> >>>> Thanks for any help/suggestions, >>>> David >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.ovirt.org/mailman/listinfo/users >>>> >>>> >>
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
