On 10/26/2015 02:57 PM, Ondra Machacek wrote: > > > On 10/26/2015 02:53 PM, Jorick Astrego wrote: >> Hi, >> >> Currently I'm trying to add an ovirt compute resource in forman that >> is limited to the VM's of the user. >> >> When I give this user the PowerUser role, I cannot access the api: >> >> query execution failed due to insufficient permissions >> > > Are you sending header 'Filter: true' with the request ? > If your user is not admin(PowerUserRole is not admin role), > you have to use this header. > >
As I'm using forman, I have no control over this. There used to be a bug, but it should have been patched months ago: http://projects.theforeman.org/issues/6835 - ------------------------------------------------------------------------ *Description* Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1123676 Description of problem: When trying to create a rhev compute resource with non-admin RHEV user, the following error occurs: "query execution failed due to insufficient permissions." The reason for this is the RHEV needs to be called with 'Filter: true' headers for the api to work correctly with non-admin user. The rbovirt client library supports to specify the filtered_api option, but fog and foreman don't have a support for that https://github.com/abenari/rbovirt/blob/a7c277e3fc5698e55e95a9432997b1a9c8d486ae/lib/rbovirt.rb#L54-L55 History #1 <http://projects.theforeman.org/issues/6835#note-1> Updated by Dominic Cleal <http://projects.theforeman.org/users/3536> about 1 year <http://projects.theforeman.org/projects/foreman/activity?from=2014-07-30> ago * *Category* set to /Compute resources - oVirt/ * *Assigned To* deleted (/Dominic Cleal/) #2 <http://projects.theforeman.org/issues/6835#note-2> Updated by Tom Caspy <http://projects.theforeman.org/users/5429> 10 months <http://projects.theforeman.org/projects/foreman/activity?from=2015-01-13> ago added a pull request to the fog gem: https://github.com/fog/fog/pull/3393 #3 <http://projects.theforeman.org/issues/6835#note-3> Updated by Ohad Levy <http://projects.theforeman.org/users/3> 5 months <http://projects.theforeman.org/projects/foreman/activity?from=2015-06-09> ago Fog PR has been merged a while ago. The version of rbovirt we have is: ruby193-rubygem-rbovirt-0.0.35-1.el6.noarch Kind regards, Jorick >> >> When I give this user the SuperUser role, I can access the api. But I >> can see all the VM's of all users. >> >> How can I grant api access so the user can deploy through forman >> without giving access to all the vm's in our oVirt environment? >> >> Kind regards, >> >> Jorick >> >> >> >> >> Met vriendelijke groet, With kind regards, >> >> Jorick Astrego >> * >> Netbulae Virtualization Experts * >> ------------------------------------------------------------------------ >> Tel: 053 20 30 270 i...@netbulae.eu Staalsteden 4-3A KvK >> 08198180 >> Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW >> NL821234584B01 >> >> >> ------------------------------------------------------------------------ >> >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > Met vriendelijke groet, With kind regards, Jorick Astrego Netbulae Virtualization Experts ---------------- Tel: 053 20 30 270 i...@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01 ----------------
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
