Bug 1313904
Summary: | When an AD group is assigned superuser access to a cluster, users in that group are not given access to the VMs in that cluster | | |
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Allie DeVolder <adevolder> |
Component: | ovirt-engine | Assignee: | Arik <ahadas> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | 3.5.7 | CC: | adevolder, ahadas, gklein, lsurette, mgoldboi, michal.skrivanek, mperina, oourfali, rbalakri, Rhev-m-bugs, srevivo, tjelinek, ykaul |
Target Milestone: | ovirt-4.0.4 | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2016-08-15 06:52:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | Virt | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 1320343 | | |
Description
Allie DeVolder
2016-03-02 15:15:51 UTC
Can you elaborate on what you mean by access to VM?

@Arik, any thoughts?

(In reply to Tomas Jelinek from comment #3)
> @Arik, any thoughts?

It seems that by design admin roles are not inherited from clusters to VMs. Therefore it is definitely not something for a z-stream. Allan, could you please elaborate on the implication on the user? Is something missing in the UI? Are there specific operations the user cannot do because of this?

Since it is by design, pushing out of 3.6.6. Setting to 4.0 in case we will get to some enhancement we want to implement.

oVirt 4.0 Alpha has been released, moving to oVirt 4.0 Beta target.

This works as per design. We need to review the design. Is there any input/feedback from infra about how roles work?

As explained by infra in comment 21: There is a difference if you use the user level API or admin level (e.g. the UI user portal vs webadmin; in REST, Filter: true vs false header). If you use the user level API, you need to assign user roles (in this case UserVmManager, not superuser). This is by design, closing as not a bug. If this is a big issue or someone has a good use case to change it, please reopen as RFE.