Hi Jeff,

* I assume that we are talking about the User Portal, not the web-admin (which the user cannot even log into, according to the permissions that you specified).
* A permission is a triplet of role, user and object. According to what you are saying, the user's permission is:
  - role: Copy_of_UserRole [contains "Remote Log" only (???)]
  - user: user
  - object: ???

  What is the object with which the user's permission is associated? I suspect it is "System", which would explain why the user sees all of the VMs in his user-portal (permissions inheritance, as you suspected: all VMs are "descendants" of "System", therefore permissions on "System" are propagated to the VMs within the system).
* Are there any additional permissions for this user? A screen-shot of the user's "Permissions" sub-tab in the User's main tab in the web-admin would be helpful.
* Does the user belong to any group that has permissions on the system? If so, this user could be inheriting these permissions from that group.
* Are you sure that the "Copy_of_UserRole" role contains only the "Remote Log" action? If not, that can explain why the user is able to perform actions on the VMs other than "Remote Log".

----
Thanks,
Einav

----- Original Message -----
> From: "Jeff Clay" <jeffc...@gmail.com>
> To: users@ovirt.org
> Sent: Tuesday, May 6, 2014 4:32:28 PM
> Subject: [ovirt-users] Users seeing all vm's
>
> For some reason, when logged in as a user with a modified copy role of
> UserRole (only has login permission and VM -> Basic Operations -> Remote Log
> In permission) the user can see all of the VMs and has the ability to open
> a console, start, shutdown or suspend any of the VMs. I have verified that
> all of the VMs only show the SuperUser role in their permissions. I went
> through all of the roles and verified that the user is only a member of the
> Copy_of_UserRole. The only thing I can think of is that the user is
> inheriting permissions from something, but I can't find what it is or
> where. Any suggestions?
>
> Thanks.
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
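The inheritance model described in the reply above, as an added example that is not part of the original thread and is not oVirt code: permissions are (role, principal, object) triplets, and a grant on an ancestor object or to a group the user belongs to applies to every descendant VM. The object tree below "System", the role contents, the action names, the group "ops" and the role "PowerRole" are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed object tree (child -> parent). "System" is the root, as in the thread.
PARENT = {"cluster-a": "System", "vm-1": "cluster-a", "vm-2": "cluster-a"}

# Constructed role contents; action names are illustrative, not oVirt identifiers.
ROLES = {
    "Copy_of_UserRole": {"login", "vm_remote_log_in"},
    "PowerRole": {"vm_start", "vm_shutdown"},  # hypothetical second role
}

# Constructed group membership: group -> members.
GROUPS = {"ops": {"user"}}


@dataclass(frozen=True)
class Permission:
    role: str
    principal: str  # a user name or a group name
    obj: str        # the object the permission is attached to


def ancestors(obj):
    """Return obj followed by each of its ancestors up to the root."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = PARENT.get(obj)
    return chain


def explain_access(user, target, permissions):
    """Map each action the user may perform on target to the grants causing it.

    A grant applies if it names the user or one of the user's groups and is
    attached to the target itself or to any ancestor of the target.
    """
    who = {user} | {g for g, members in GROUPS.items() if user in members}
    chain = ancestors(target)
    grants = {}
    for p in permissions:
        if p.principal in who and p.obj in chain:
            for action in ROLES[p.role]:
                grants.setdefault(action, []).append(p)
    return grants


# Constructed sample: one grant on "System", one group grant on a cluster.
SAMPLE = [
    Permission("Copy_of_UserRole", "user", "System"),
    Permission("PowerRole", "ops", "cluster-a"),
]

if __name__ == "__main__":
    for action, why in sorted(explain_access("user", "vm-1", SAMPLE).items()):
        print(action, "<-", [(p.role, p.principal, p.obj) for p in why])
```

No VM in the sample carries a permission of its own, yet the report for `vm-1` lists every action, each traced back to the ancestor object or group that grants it.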