Just for the record, oVirt has a VM Portal which enables this use case without a need to change the permission.
On Sat, Dec 8, 2018, 14:05 Staniforth, Paul <[email protected] wrote: > Glad your sorted, I've added a bugzilla entry > > > https://bugzilla.redhat.com/show_bug.cgi?id=1656794 > > > basically Webadmin allows you to add a system permission to the everyone > group but you can't remove it. > > > Regards, > > Paul S. > ------------------------------ > *From:* Jacob Green <[email protected]> > *Sent:* 05 December 2018 17:45 > *To:* Staniforth, Paul > *Cc:* users > *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome. > > > Thank you for your help! This worked flawlessly and helped me > understand the engine database a little more! > > On 12/04/2018 12:00 PM, Staniforth, Paul wrote: > > Get the id for the everyone group > https://engine.example.com/ovirt-engine/api/groups?search=everyone > > Get the id for the UserRole > https://engine.example.com/ovirt-engine/api/roles > > connect to the engine database > > e.g. > > psql -h localhost -U engine -d engine > > select * from permissions where ad_element_id='groupid'; > > note the id of the permission, probably the last one but you can check by > the role_id > then delete the permission. > > delete from permissions where id='noted before'; > > you should make a backup of your system before you do this. > > > > Regards, > > Paul S. > ------------------------------ > *From:* Staniforth, Paul > *Sent:* 04 December 2018 17:23 > *To:* Jacob Green > *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome. > > > Yes, that's not good you need to remove the UserRole system permission but > they fixed it so you can't. > > https://bugzilla.redhat.com/show_bug.cgi?id=1366205 > > > I think there maybe a bug that allows you to add system permissions to the > everyone group in 4.2, you're only supposed to be able to change the > permissions with a dbscript. > > > I'll look up my notes on how to remove the permission from the DB. > > > Regards, > > Paul S. > > > ------------------------------ > *From:* Jacob Green <[email protected]> <[email protected]> > *Sent:* 04 December 2018 16:59 > *To:* Staniforth, Paul > *Subject:* Re: [ovirt-users] The built in group Everyone is troublesome. > > > > If the picture does not come through. The following are the permisstions > > Group > Everyone > > Everyone > Role - UserRole,UserProfileEditor Object : (System) > > On 12/04/2018 10:20 AM, Staniforth, Paul wrote: > > What are the permissions for the group everyone, in particular the system > permission should be just UserProfileEditor. > > Regards, > Paul S. > ________________________________________ > From: Jacob Green <[email protected]> <[email protected]> > Sent: 04 December 2018 15:20 > To: users > Subject: [ovirt-users] The built in group Everyone is troublesome. > > So all my VMs are inheriting system permissions from group > everyone and giving all my users access to all my VMs, in ovirt 4.2. Is > there a best practices guide or any recommendation on how to clear this > up? Clicking remove on everyone does not work because Ovirt won't allow > me to remove a built in account. > > > Thank you > > -- > Jacob Green > > Systems Admin > > American Alloy Steel > > 713-300-5690 > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/A5MW7PLHH5YGBVA7WSRZ24NO2IBY4ICD/ > To view the terms under which this email is distributed, please go > to:-http://leedsbeckett.ac.uk/disclaimer/email/ > > > -- > Jacob Green > > Systems Admin > > American Alloy Steel > > 713-300-5690 > > To view the terms under which this email is distributed, please go to:- > http://leedsbeckett.ac.uk/disclaimer/email/ > > > -- > Jacob Green > > Systems Admin > > American Alloy Steel > > 713-300-5690 > > To view the terms under which this email is distributed, please go to:- > http://leedsbeckett.ac.uk/disclaimer/email/ > > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/Q3I7GDZSJSLMTWJWHNH32OCSAS34X66N/ >
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/YO3UTONSCN26JA2ACDBFACIW5TRFAYNQ/
