> the main difference between an 'admin' and a 'user' is that admin has > read-only permission to see all objects in the system, and a user can > only see objects they have permissions on.
But this distinction does not apply to API access, apparently; regular users cannot access the API at all as far as I can tell. I wouldn't mind giving API users 'admin' status if that's what it takes, but I'm concerned about the meaning of 'admin' changing in the future. I think the trouble here is that by doing it this way oVirt is presuming what the access policy is by baking rights into the 'admin' status. On a site-by-site basis the definition of 'admin' is going to vary. Thanks, -- Jonathan Daugherty Software Engineer Galois, Inc. _______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel