On April 15, 2020 11:55:04 AM GMT+03:00, Michal Gutowski <[email protected]> wrote: >Hi oVirt community, > >I'm playing with a multitenant use-case in oVirt 3.4.6... My setup is >as follows: >- I have two working Data Centers (DC1 and DC2) >- I created two additional users DC1-admin and DC2-admin >- In DC1 permission settings I've added DC1-admin as a user with a >builtin DataCenterAdmin Role. >- In DC2 permission settings I've added DC2-admin as a user with a >builtin DataCenterAdmin Role. > >Now in terms of permissions all is good: DC1-admin is not able to >modify anything in DC2 and DC2-admin is not able to modify anything in >DC1. > >However in both the Admin Portal and the VM Portal DC1-admin and >DC2-admin can still see all other datacenter resources. >My expectation was that if I login to the Admin Portal as e.g. >DC2-admin I will only see DC2 datacenter in the GUI and nothing else. >Same with VM Portal. I played with different user settings but I >couldn't make it work... > >I think the problem is that whatever user you create it will always >belong to the build-in "everyone" group and inherit permission to see >everything in the portal. >Is it possible to achieve a scenario where e.g. DC2-admin will login to >the Admin Portal and only see resources that belong to DC2 and nothing >else? > >Thanks, >Michal
I haven't played alot, but I think this behaviour is only possible in the VM portal. Maybe someone else can correct me. Best Regards, Strahil Nikolov _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/SYHSXO5THW5TDXMNL35MFVHDMJW4HSYH/
