On Wed, May 16, 2018 at 9:09 AM, Roy Golan <[email protected]> wrote:
> On Wed, 16 May 2018 at 16:01 Aziz <[email protected]> wrote: > >> Hi All, >> >> Thank you Roy, this is working now as expected, however, I think the Edit >> button, should be removed for this user, there is no need to display the >> edit button if the user cannot use it to perform any operation, am I >> missing something ? >> >> You mean in the VM portal the user sees he can edit a VM when he doesn't > have permission to? I assume we don't go to a resolution of button per > permission ( +Greg Sheremeta <[email protected]> right? ) > Instead the user would get and error from the engine that he isn't > authorized to perform this action. > In both Administration Portal and VM Portal, we generally don't have pre-flight checks to see if users have access to buttons. There is an existing RFE, Bug 1221694 – [RFE] Role based views in webui https://bugzilla.redhat.com/show_bug.cgi?id=1221694 Greg > > >> >> Best regards >> >> On Wed, May 16, 2018 at 9:12 AM, Peter Hudec <[email protected]> wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA512 >>> >>> I have found 2 related bug, a little bit older >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=1209505 >>> https://bugzilla.redhat.com/show_bug.cgi?id=1225274 >>> >>> But these are related only to DiskProfile. >>> >>> I haven't found any work about 'Everyone' group in documentation, so >>> I'm little bit confused why there is such a group. >>> >>> Peter >>> >>> On 15/05/2018 23:02, Peter Hudec wrote: >>> > Hi, >>> > >>> > I'm fancing the same problem. >>> > >>> > The steps are - create user /tester/ using the ovirt-aaa-jdbc-tool >>> > - login as admin into admin portal - add tester user in >>> > Administation -> Users - choose one VM and add UserRole role >>> > >>> > - login as testr into User Potal - user could see all VM.. >>> > >>> > The problem could be, that the user is part of the group Everyone >>> > and this group could be found in Administration -> Configure > >>> > System Permissions. When you check the group permisson, it seems >>> > to be automatically populated by engine. >>> > >>> > In my case I[m using default DC, default cluster and 'internal' >>> > profile . >>> > >>> > Seems that all engine object is included in Everyone group. >>> > >>> > regards Peter >>> > >>> > On 15/05/2018 22:03, Roy Golan wrote: >>> > >>> > >>> >> On Tue, 15 May 2018 at 21:47 Aziz <[email protected] >>> >> <mailto:[email protected]>> wrote: >>> > >>> >> Hi Roy, >>> > >>> >> Thanks for your feedback, I'm unable to remove the user from the >>> >> cluster, I used the command "|ovirt-aaa-jdbc-tool user add|" to >>> >> add the new user, and it seems that by default it took all >>> >> permissions over the cluster. Is there any document describing >>> >> this feature in details ? >>> > >>> > >>> > >>> >> In the webadmin go to Administration -> Configure > System >>> >> Permissions. If the user is there, remove him. Then search for >>> >> the VM and add permissions to the user on the VM Check your end >>> >> result in the 'permisions' section of the VM to see who has >>> >> permissions on it. >>> > >>> >> This should be helpful, quite long though >>> >> https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/ >>> > >>> >> >>> >> >>> > >>> > This is for the tool itself >>> >> https://www.ovirt.org/develop/release-management/features/infra/aaa-j >>> d >>> > >>> >> >>> >> >>> bc/ >>> > >>> > >>> > >>> > >>> >> Thanks >>> > >>> >> On Tue, May 15, 2018 at 6:31 PM, Roy Golan <[email protected] >>> >> <mailto:[email protected]>> wrote: >>> > >>> >> 1. Make sure your users use the VM portal 2. Assign permission on >>> >> VM to a certain user to make sure it apears in the portal. The >>> >> Role should be VmOperator afaik. >>> > >>> >> Permission set on objects higher in the hierarchy are cascading, >>> >> i.e a user with permission on a cluster would have the permission >>> >> on the all the vm in cluster. >>> > >>> > >>> >> On Tue, 15 May 2018 at 20:59 Aziz <[email protected] >>> >> <mailto:[email protected]>> wrote: >>> > >>> >> Hi list, >>> > >>> >> I'm trying to remove the default "everyone" user from Ovirt, so >>> >> that each user can have access to its own interface to manage a >>> >> unique VM. I wonder if this is possible, because so far I'm >>> >> unable to remove everyone user. >>> > >>> >> Thank you >>> > >>> > >>> >> _______________________________________________ Users mailing >>> >> list -- [email protected] <mailto:[email protected]> To unsubscribe >>> >> send an email to [email protected] >>> >> <mailto:[email protected]> >>> > >>> > >>> > >>> > >>> >> _______________________________________________ Users mailing >>> >> list -- [email protected] To unsubscribe send an email to >>> >> [email protected] >>> > >>> > >>> > >>> > >>> >>> - -- >>> *Peter Hudec* >>> Infraštruktúrny architekt >>> [email protected] <mailto:[email protected]> >>> >>> *CNC, a.s.* >>> Borská 6, 841 04 Bratislava >>> <https://maps.google.com/?q=Borsk%C3%A1+6,+841+04+Bratislava&entry=gmail&source=g> >>> Recepcia: +421 2 35 000 100 >>> >>> Mobil:+421 905 997 203 <+421%20905%20997%20203> >>> *www.cnc.sk* <http:///www.cnc.sk> >>> >>> -----BEGIN PGP SIGNATURE----- >>> >>> iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr79fIACgkQQnvVWOJ3 >>> 5BBGXxAAsa0Rhs+bCisRfnD665bvRpA81yoRRJQFVYSnDZOqWVZzzTsnY4CtBAOM >>> MG4CTvbvHXHCL304O0a4xBqpwINzcXSieyx2Vqbcxe2Fq+VRqRgq+z+3wm1L26Eb >>> 6KraPpTlieXmbvYD2Wfu8PcGS1JFwS37FnV98EadiPCahPO7JQUBRLaErQZvi986 >>> BZ7x/qUZWk5C4sEkP+eCM/94u3ZaMB4LSLXJqvHLpRYEGs1aOc4xhrxWVO2HLc4t >>> aaVveS40rufogjjHzV0E++fx9XFpHpIHwfG8DsVZsIz5yyq9qQz+mt0gmvM7A81m >>> myJQit/bQ/9j/ew/7pJNKtmv4fOB4hkCrn9tgLyhc9JIvRGmG9zymMloXdSAWvqr >>> eKSsVOcInmgb+gsKS0upIR+Ow3zGeUzwkHdqTJAtNtyg66DpNKvT2B010t86vO9z >>> 4ggTVcMG/+Y2c3Zu78yCSSI+0rO/R+kSTL/v8QlCk5ke4OW5iXNEIFhuUZY8905U >>> OesB27XqXdJtZibaL6YGNG3f8GcaQgNhkGPmzVxIge+KQNwLOyV4VIJaYEFAiJgz >>> H2OIGzKKk97OhWmRm68NUYebdyG6Pi6SL2M3fhzb0Qn/YiUCr/GygQfd455ok81e >>> tF5UxMz1mHSN9UQV30GaPy+pR70bh3AF83E4vmjznKAmhspBB68= >>> =7qJi >>> -----END PGP SIGNATURE----- >>> _______________________________________________ >>> Users mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> >> >> _______________________________________________ >> Users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> > -- GREG SHEREMETA SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX Red Hat NA <https://www.redhat.com/> [email protected] IRC: gshereme <https://red.ht/sig>
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected]
