On Wed, 16 May 2018 at 16:01 Aziz <[email protected]> wrote: > Hi All, > > Thank you Roy, this is working now as expected, however, I think the Edit > button, should be removed for this user, there is no need to display the > edit button if the user cannot use it to perform any operation, am I > missing something ? > > You mean in the VM portal the user sees he can edit a VM when he doesn't have permission to? I assume we don't go to a resolution of button per permission ( +Greg Sheremeta <[email protected]> right? ) Instead the user would get and error from the engine that he isn't authorized to perform this action.
> > Best regards > > On Wed, May 16, 2018 at 9:12 AM, Peter Hudec <[email protected]> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> I have found 2 related bug, a little bit older >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1209505 >> https://bugzilla.redhat.com/show_bug.cgi?id=1225274 >> >> But these are related only to DiskProfile. >> >> I haven't found any work about 'Everyone' group in documentation, so >> I'm little bit confused why there is such a group. >> >> Peter >> >> On 15/05/2018 23:02, Peter Hudec wrote: >> > Hi, >> > >> > I'm fancing the same problem. >> > >> > The steps are - create user /tester/ using the ovirt-aaa-jdbc-tool >> > - login as admin into admin portal - add tester user in >> > Administation -> Users - choose one VM and add UserRole role >> > >> > - login as testr into User Potal - user could see all VM.. >> > >> > The problem could be, that the user is part of the group Everyone >> > and this group could be found in Administration -> Configure > >> > System Permissions. When you check the group permisson, it seems >> > to be automatically populated by engine. >> > >> > In my case I[m using default DC, default cluster and 'internal' >> > profile . >> > >> > Seems that all engine object is included in Everyone group. >> > >> > regards Peter >> > >> > On 15/05/2018 22:03, Roy Golan wrote: >> > >> > >> >> On Tue, 15 May 2018 at 21:47 Aziz <[email protected] >> >> <mailto:[email protected]>> wrote: >> > >> >> Hi Roy, >> > >> >> Thanks for your feedback, I'm unable to remove the user from the >> >> cluster, I used the command "|ovirt-aaa-jdbc-tool user add|" to >> >> add the new user, and it seems that by default it took all >> >> permissions over the cluster. Is there any document describing >> >> this feature in details ? >> > >> > >> > >> >> In the webadmin go to Administration -> Configure > System >> >> Permissions. If the user is there, remove him. Then search for >> >> the VM and add permissions to the user on the VM Check your end >> >> result in the 'permisions' section of the VM to see who has >> >> permissions on it. >> > >> >> This should be helpful, quite long though >> >> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/ >> > >> >> >> >> >> > >> > This is for the tool itself >> >> https://www.ovirt.org/develop/release-management/features/infra/aaa-j >> d >> > >> >> >> >> >> bc/ >> > >> > >> > >> > >> >> Thanks >> > >> >> On Tue, May 15, 2018 at 6:31 PM, Roy Golan <[email protected] >> >> <mailto:[email protected]>> wrote: >> > >> >> 1. Make sure your users use the VM portal 2. Assign permission on >> >> VM to a certain user to make sure it apears in the portal. The >> >> Role should be VmOperator afaik. >> > >> >> Permission set on objects higher in the hierarchy are cascading, >> >> i.e a user with permission on a cluster would have the permission >> >> on the all the vm in cluster. >> > >> > >> >> On Tue, 15 May 2018 at 20:59 Aziz <[email protected] >> >> <mailto:[email protected]>> wrote: >> > >> >> Hi list, >> > >> >> I'm trying to remove the default "everyone" user from Ovirt, so >> >> that each user can have access to its own interface to manage a >> >> unique VM. I wonder if this is possible, because so far I'm >> >> unable to remove everyone user. >> > >> >> Thank you >> > >> > >> >> _______________________________________________ Users mailing >> >> list -- [email protected] <mailto:[email protected]> To unsubscribe >> >> send an email to [email protected] >> >> <mailto:[email protected]> >> > >> > >> > >> > >> >> _______________________________________________ Users mailing >> >> list -- [email protected] To unsubscribe send an email to >> >> [email protected] >> > >> > >> > >> > >> >> - -- >> *Peter Hudec* >> Infraštruktúrny architekt >> [email protected] <mailto:[email protected]> >> >> *CNC, a.s.* >> Borská 6, 841 04 Bratislava >> Recepcia: +421 2 35 000 100 >> >> Mobil:+421 905 997 203 <+421%20905%20997%20203> >> *www.cnc.sk* <http:///www.cnc.sk> >> >> -----BEGIN PGP SIGNATURE----- >> >> iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr79fIACgkQQnvVWOJ3 >> 5BBGXxAAsa0Rhs+bCisRfnD665bvRpA81yoRRJQFVYSnDZOqWVZzzTsnY4CtBAOM >> MG4CTvbvHXHCL304O0a4xBqpwINzcXSieyx2Vqbcxe2Fq+VRqRgq+z+3wm1L26Eb >> 6KraPpTlieXmbvYD2Wfu8PcGS1JFwS37FnV98EadiPCahPO7JQUBRLaErQZvi986 >> BZ7x/qUZWk5C4sEkP+eCM/94u3ZaMB4LSLXJqvHLpRYEGs1aOc4xhrxWVO2HLc4t >> aaVveS40rufogjjHzV0E++fx9XFpHpIHwfG8DsVZsIz5yyq9qQz+mt0gmvM7A81m >> myJQit/bQ/9j/ew/7pJNKtmv4fOB4hkCrn9tgLyhc9JIvRGmG9zymMloXdSAWvqr >> eKSsVOcInmgb+gsKS0upIR+Ow3zGeUzwkHdqTJAtNtyg66DpNKvT2B010t86vO9z >> 4ggTVcMG/+Y2c3Zu78yCSSI+0rO/R+kSTL/v8QlCk5ke4OW5iXNEIFhuUZY8905U >> OesB27XqXdJtZibaL6YGNG3f8GcaQgNhkGPmzVxIge+KQNwLOyV4VIJaYEFAiJgz >> H2OIGzKKk97OhWmRm68NUYebdyG6Pi6SL2M3fhzb0Qn/YiUCr/GygQfd455ok81e >> tF5UxMz1mHSN9UQV30GaPy+pR70bh3AF83E4vmjznKAmhspBB68= >> =7qJi >> -----END PGP SIGNATURE----- >> _______________________________________________ >> Users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected]
