Description of problem:
The information contained in https://access.redhat.com/solutions/431653 should really be part of the REST API guide. It tells the user what permissions are required to access the REST API.
Version-Release number of selected component (if applicable):
The documentation in the provided link seems to be outdated (says: "Updated February 28 2014")
Ovirt was indeed initially designed for users with administrator permissions. Later on it became necessary to open part of it to non-admin users.
Nowadays admins may access anything is the API, and non-admins have specific access according to the roles they have on specific entities.
For exammple, if Ori has UserRole for VM_1, then GET .../api/vms done by Ori would return VM_1, but not other vms in the system. And Ori may do operations on that VM, etc.
One exception to this is that an admin may choose to masquerade as a user, choose to see only entities which he has specific permission for, by providing filter=true flag to his API requests.
As a general rule following should apply to RESTAPI (and the same is used for webadmin UI):
- If a user has assigned at least one admin role, he can read information about all entities in the RHV installation, but he can write only to entities he has the admin permissions for
- If a user has assigned only user role(s), he can read and write only to entities he has permissions for
Moving to documentation team to update relevant parts of RHV documentation, but I think also the KCS article should be updated.