Bug 1420509
Summary: | [Docs][REST] Document permissions required to use REST API | | |
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Stephen Gordon <sgordon> |
Component: | Documentation | Assignee: | rhev-docs <rhev-docs> |
Status: | CLOSED WONTFIX | QA Contact: | rhev-docs <rhev-docs> |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | 3.6.0 | CC: | apinnick, lsurette, lsvaty, mperina, oliel, srevivo |
Target Milestone: | --- | Keywords: | Documentation |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | backlog | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2022-06-14 09:56:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Stephen Gordon
2017-02-08 20:55:24 UTC
The documentation in the provided link seems to be outdated (says: "Updated February 28 2014").

oVirt was indeed initially designed for users with administrator permissions. Later on it became necessary to open part of it to non-admin users. Nowadays admins may access anything in the API, and non-admins have specific access according to the roles they have on specific entities. For example, if Ori has UserRole for VM_1, then GET .../api/vms done by Ori would return VM_1, but not other vms in the system. And Ori may do operations on that VM, etc.

One exception to this is that an admin may choose to masquerade as a user, choose to see only entities which he has specific permission for, by providing filter=true flag to his API requests.

As a general rule, the following should apply to the REST API (and the same is used for the webadmin UI):

- If a user has assigned at least one admin role, he can read information about all entities in the RHV installation, but he can write only to entities he has the admin permissions for
- If a user has assigned only user role(s), he can read and write only to entities he has permissions for

Moving to documentation team to update relevant parts of RHV documentation, but I think also the KCS article should be updated.
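The read and write rules in the comment above can be written as a small expected-results model for authorization regression tests. This is an added example, not code from the bug report or from oVirt/RHV. The `Principal` class, the function names and the sample grants are hypothetical, and the write rule for admins follows the comment literally (an admin role on that specific entity is required).

```python
from dataclasses import dataclass, field

ADMIN, USER = "admin", "user"  # the two role kinds the comment distinguishes


@dataclass
class Principal:
    name: str
    # entity id -> set of role kinds held on that entity (constructed model)
    grants: dict = field(default_factory=dict)

    def is_admin(self):
        # "at least one admin role" anywhere makes the principal an admin
        return any(ADMIN in kinds for kinds in self.grants.values())


def can_read(p, entity, filtered=False):
    """filtered=True models an admin sending the filter=true flag."""
    if p.is_admin() and not filtered:
        return True  # admins read every entity in the installation
    return bool(p.grants.get(entity))  # otherwise only entities with a grant


def can_write(p, entity):
    kinds = p.grants.get(entity, set())
    if p.is_admin():
        return ADMIN in kinds  # admin permission on this entity required
    return bool(kinds)  # user roles only: any permission on the entity


def expected_listing(p, entities, filtered=False):
    return [e for e in entities if can_read(p, e, filtered)]


def find_violations(p, entities, observed, filtered=False):
    """Compare an observed API listing with the model: (leaked, missing)."""
    expected = set(expected_listing(p, entities, filtered))
    leaked = sorted(set(observed) - expected)
    missing = sorted(expected - set(observed))
    return leaked, missing


# Constructed sample data: Ori holds UserRole on VM_1, admin_a administers VM_2.
VMS = ["VM_1", "VM_2", "VM_3"]
ori = Principal("Ori", {"VM_1": {USER}})
admin_a = Principal("admin_a", {"VM_2": {ADMIN}})
```

Feeding the VM ids actually returned to a test account into `find_violations` flags entities that were listed without a grant (leaked) or hidden despite one (missing).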