This seems to work; however, I am still trying to solve the issue that if we don't give 
access to networks at a higher level (Cluster or DC) then it must be given at 
the Network level for every network that we would like them to have access to. 
Since we are using an AD group to assign access to the networks, this would 
work for networks initially created by us as admins but brings up an issue for 
networks they create themselves.

We also would like them to create networks and let that group have access to them, 
but it seems we would have to allow them to assign permissions in the system to 
do that, which then opens up a whole other host of problems we wouldn't want, 
like the ability to mitigate any access control we implement.

Am I understanding how these permissions work and finding we cannot do the 
below, or am I missing something that would allow the following use case:


Users of Platform are restricted from adding VMs to a few select networks
Users of Platform are able to create, and share with other team members 
associated with an AD Group, new networks
   -- Stretch here if it could be restricted to only certain labels to prevent 
them from using physical NICs we haven't already assigned labels to as admins
Users of Platform are not able to modify permissions on objects in inventory