[ovirt-users] Re: Preventing users to see other VMs

Mon, 21 May 2018 04:22:02 -0700 

On Wed, 16 May 2018 at 17:21 Peter Hudec <[email protected]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi all,
>
> works !! ;) Seems that there is some caching in User Portal.
> But there is still a question how could I remove user from the role
> everyone ? For example I want to assign only specific vNIC Profiles,
> Storage Domains, ...
>
>
All users belong to 'everyone', it is a group. A *role* is bunch of
*actions* you can perform on an *Object*
Maybe this will help: create new role, assign only the actions you want for
it. Then assign this role to your user, *on the specific objects* you want
him to manage.

        Peter
>
> On 16/05/2018 14:57, Aziz wrote:
> > Hi All,
> >
> > Thank you Roy, this is working now as expected, however, I think
> > the Edit button, should  be removed for this user, there is no need
> > to display the edit button if the user cannot use it to perform
> > any operation, am I missing something ?
> >
> >
> > Best regards
> >
> > On Wed, May 16, 2018 at 9:12 AM, Peter Hudec <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> > I have found 2 related bug, a little bit older
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=1209505
> > <https://bugzilla.redhat.com/show_bug.cgi?id=1209505>
> > https://bugzilla.redhat.com/show_bug.cgi?id=1225274
> > <https://bugzilla.redhat.com/show_bug.cgi?id=1225274>
> >
> > But these are related only to DiskProfile.
> >
> > I haven't found any work about 'Everyone' group in documentation,
> > so I'm little bit confused why there is such a group.
> >
> > Peter
> >
> > On 15/05/2018 23:02, Peter Hudec wrote:
> >> Hi,
> >
> >> I'm fancing the same problem.
> >
> >> The steps are - create user /tester/ using the
> >> ovirt-aaa-jdbc-tool - login as admin into admin portal - add
> >> tester user in Administation -> Users - choose one VM and add
> >> UserRole role
> >
> >> - login as testr into User Potal - user could see all VM..
> >
> >> The problem could be, that the user is part of the group
> >> Everyone and this group could be found in Administration ->
> >> Configure > System Permissions. When you check the group
> >> permisson, it seems to be automatically populated by engine.
> >
> >> In  my case I[m using default DC, default cluster and 'internal'
> >> profile .
> >
> >> Seems that all engine object is included in Everyone group.
> >
> >> regards Peter
> >
> >> On 15/05/2018 22:03, Roy Golan wrote:
> >
> >
> >>> On Tue, 15 May 2018 at 21:47 Aziz <[email protected]
> > <mailto:[email protected]>
> >>> <mailto:[email protected] <mailto:[email protected]>>>
> >>> wrote:
> >
> >>> Hi Roy,
> >
> >>> Thanks for your feedback, I'm unable to remove the user from
> >>> the cluster, I used the command "|ovirt-aaa-jdbc-tool user
> >>> add|" to add the new user, and it seems that by default it took
> >>> all permissions over the cluster. Is there any document
> >>> describing this feature in details ?
> >
> >
> >
> >>> In the webadmin go to Administration -> Configure > System
> >>> Permissions. If the user is there, remove him. Then search for
> >>> the VM and add permissions to the user on the VM Check your
> >>> end result in the 'permisions' section of the VM to see who
> >>> has permissions on it.
> >
> >>> This should be helpful, quite long though
> >>>
> > https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
> > <https://www.ovirt.org/documentation/admin-guide/chap-Users_and_Roles/
> >
> >
> >
> >>>
> >>>
> >
> >> This is for the tool itself
> >>>
> > https://www.ovirt.org/develop/release-management/features/infra/aaa-j
> > <https://www.ovirt.org/develop/release-management/features/infra/aaa-j
> >
> >
> >
> d
> >
> >>>
> >>>
> > bc/
> >
> >
> >
> >
> >>> Thanks
> >
> >>> On Tue, May 15, 2018 at 6:31 PM, Roy Golan <[email protected]
> > <mailto:[email protected]>
> >>> <mailto:[email protected] <mailto:[email protected]>>> wrote:
> >
> >>> 1. Make sure your users use the VM portal 2. Assign permission
> >>> on VM to a certain user to make sure it apears in the portal.
> >>> The Role should be VmOperator afaik.
> >
> >>> Permission set on objects higher in the hierarchy are
> >>> cascading, i.e a user with permission on a cluster would have
> >>> the permission on the all the vm in cluster.
> >
> >
> >>> On Tue, 15 May 2018 at 20:59 Aziz <[email protected]
> > <mailto:[email protected]>
> >>> <mailto:[email protected] <mailto:[email protected]>>>
> >>> wrote:
> >
> >>> Hi list,
> >
> >>> I'm trying to remove the default "everyone" user from Ovirt,
> >>> so that each user can have access to its own interface to
> >>> manage a unique VM. I wonder if this is possible, because so
> >>> far I'm unable to remove everyone user.
> >
> >>> Thank you
> >
> >
> >>> _______________________________________________ Users mailing
> >>> list -- [email protected] <mailto:[email protected]>
> > <mailto:[email protected] <mailto:[email protected]>> To unsubscribe
> >>> send an email to [email protected]
> > <mailto:[email protected]>
> >>> <mailto:[email protected] <mailto:[email protected]>>
> >
> >
> >
> >
> >>> _______________________________________________ Users mailing
> >>> list -- [email protected] <mailto:[email protected]> To
> >>> unsubscribe
> > send an email to
> >>> [email protected] <mailto:[email protected]>
> >
> >
> >
> >
> >
> > _______________________________________________ Users mailing list
> > -- [email protected] <mailto:[email protected]> To unsubscribe send an
> > email to [email protected] <mailto:[email protected]>
> >
> >
>
> - --
> *Peter Hudec*
> Infraštruktúrny architekt
> [email protected] <mailto:[email protected]>
>
> *CNC, a.s.*
> Borská 6, 841 04 Bratislava
> Recepcia: +421 2  35 000 100
>
> Mobil:+421 905 997 203 <+421%20905%20997%20203>
> *www.cnc.sk* <http:///www.cnc.sk>
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEqSUbhuEwhryifNeVQnvVWOJ35BAFAlr8ML4ACgkQQnvVWOJ3
> 5BAvRQ/+IJqGA6TT/+Pwti39tBHVkXioVUWIIe7RQ2qUgd+OpZJbM/vedrZlqNdj
> pStroH9s6eRjDDGxkumGnRyf6vz/hlCdCySg7ge7WHiz+7j2t7rypknO/z4TewTj
> bqbUnYwoLH3D9eYBFwB6z8qY2ZfIhZWaylENfsMvt0u/n42ZKUJKUDJcHOD0qG0T
> C8E3VMO8tav/feJMrMp9LPBwDe3cgcQimbrgd7TtKJd0XcYgIANsTOpLQI3Sj/ZX
> plCO5FyGmHvD1/I3wuF0q2zAz1LqfcGXa+onwt2Jwt6a2wtVGcQFpaiIUkMamL4z
> OMtBThQGr9a0C8+gcJzGBK9hGLI/Fxgp9UOpisCt3EoB6+psVP2x0M1jQrbfDYIL
> bFRlewJZufy6RsCxvgqAuA60RhkrAUAG8nmaanA2BTIaYtGn5J+REnyvLLUjnrRg
> Pva28ld0cW5FoIWasQRRED0MchojgYWFHjURrSLT/i51DlWVRs4cOfphAMJC/ogd
> aNDOvUNBO2+WbTGI9xESadMbFO8GNbAlH9b6X16v0OSa0ngh7dykFzz13aQ5e5/0
> SRTlE8+LvfXcM4Ehs8LxB/G9juVjo2AvTw16B7p4zFZKaWFf7GUzg1hzTh9muip5
> jHRMxzy5YsegWka9AEmjKsGP4rpCgYPidk4AJAdnHyj+bbdK3Mk=
> =vcPj
> -----END PGP SIGNATURE-----
> _______________________________________________
> Users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>

_______________________________________________
Users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to