Sorry, there was an another one: UserProfileEditor on (System) which someone mistakenly granted probably, but removing it makes no difference, user still sees the Expanded tab. There are no groups in this system. In short, these permissions are inherited from Everyone:
UserTemplateBasedVm CpuProfileOperator VnicProfileUser And these are granted explicitly on objects: UserRole (on a VM Pool) UserRole (on a VM of the VM Pool) 2016-03-19 7:22 GMT+00:00 Oved Ourfali <oourf...@redhat.com>: > As far as I remember you're right. > Are you sure these are the only permissions? Maybe something inherited > from a group? > I can check the code next week to make sure nothing has changed. > On Mar 18, 2016 23:10, "James Michels" <karma.sometimes.hu...@gmail.com> > wrote: > >> Hi, >> >> This is oVirt 3.6.3.4, and I have a user with the following permissions. >> >> Role | Object | Inherited permission >> UserTemplateBasedVm | Small (VM Template) | Everyone >> UserTemplateBasedVm | Medium (VM Template) | Everyone >> UserTemplateBasedVm | Large (VM Template) | Everyone >> UserTemplateBasedVm | XLarge (VM Template) | Everyone >> UserTemplateBasedVm | ubuntu-14 (VM Template) | Everyone >> UserTemplateBasedVm | centos-7 (VM Template) | Everyone >> CpuProfileOperator | Default (CpuProfile) | Everyone >> VnicProfileUser | LAN1 (Vnic Profile) | Everyone >> VnicProfileUser | LAN2 (Vnic Profile) | Everyone >> UserRole | instance (VM Pool) | >> UserRole | instance-6 (VM) | >> >> This user can see the Extended tab when logged in to the User panel. >> However AFAIK only PowerUserRole grants access to that tab. Which >> permission(s) is allowing the user to see the tab? >> >> Thanks >> >> James >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >>
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
