Thanks, that clarifies quite a bit. The permissions are being applied to "System" for the regular UserRole, but I don't see where to define what objects the roles are assigned to.
On Wed, May 7, 2014 at 2:28 AM, Oved Ourfalli <[email protected]> wrote: > Hi Jeff > > Roles determine two things: > 1. What the user can see > 2. What the user can do > > It is important to know on who is the user, what is the role (UserRole? as > you also mentioned SuperUser?) and on what object(s) was the role granted > on. > Assuming it is UserRole, on a specific user, then: > If on a VM, then the user can see/operate on this VM. > If on a Cluster, then the user can see/operate on all the VMs in this > cluster. > If on a DC, then the user can see/operate on all the VMs in clusters that > are part of this DC. > If on System, then the user can see/operate on all the VMs in the system. > > So the hierarchy is System-->DC-->Cluster-->VM. > I hope this clarifies you question. > > Regards, > Oved > > > ----- Original Message ----- > > From: "Jeff Clay" <[email protected]> > > To: [email protected] > > Sent: Monday, May 5, 2014 10:31:53 PM > > Subject: [ovirt-users] user portal permissions > > > > For some reason, when logged in as a user with a modifed copy role of > > UserRole (only has login permssion and VM -> Basic Operations -> Remote > Log > > In permission) the user can see all of the VM's and has the ability to > open > > a console, start, shutdown or suspend any of the VM's. I have verified > that > > all of the VM's only show the SuperUser role in their permissions. I went > > through all of the roles and verified that the user is only a member of > the > > Copy_of_UserRole. The only thing I can think of is that the user is > > inheriting permissions from something, but I can't find what it is or > where. > > Any suggestions? > > > > Thanks. > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/users > > >
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
