Hi I was able to reproduce similar errors in the log, but with regards to GetRngQeury and not SearchQuery. And, it caused an issue with selecting an instance type, but I was able to create a VM successfully, while being only a PowerUser on the DC. I'll post the fix for that. What version are you using? Perhaps your issue was already solved? Did you open a bug on your issue?
Thanks, Oved ----- Original Message ----- > From: "Oved Ourfali" <ov...@redhat.com> > To: "Jorick Astrego" <j.astr...@netbulae.eu> > Cc: users@ovirt.org > Sent: Tuesday, July 22, 2014 2:04:01 PM > Subject: Re: [ovirt-users] user permissions > > Please open a bug on that. > But please provide full details, what permissions on what object, and what > dialog are you opening, what operation are you trying to do, with the > complete logs. > > Thanks, > Oved > > ----- Original Message ----- > > From: "Jorick Astrego" <j.astr...@netbulae.eu> > > Cc: users@ovirt.org > > Sent: Tuesday, July 22, 2014 1:57:44 PM > > Subject: Re: [ovirt-users] user permissions > > > > > > The only relevant things I see in the log are lots of these: > > > > 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient > > permissions. > > 2014-07-22 09:52:46,867 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-12) Query execution failed due to insufficient > > permissions. > > 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient > > permissions. > > 2014-07-22 09:53:46,869 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient > > permissions. > > 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient > > permissions. > > 2014-07-22 09:54:46,865 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient > > permissions. > > > > 2014-07-22 10:27:46,879 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:27:46,880 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:28:46,949 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:28:46,950 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:29:46,887 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-4) Query execution failed due to insufficient > > permissions. > > > > 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:36:46,911 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-13) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:37:46,924 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-1) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:38:46,966 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:38:46,967 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-8) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:39:46,941 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient > > permissions. > > 2014-07-22 10:39:46,942 ERROR [org.ovirt.engine.core.bll.SearchQuery] > > (ajp--127.0.0.1-8702-5) Query execution failed due to insufficient > > permissions. > > > > Kind regards, > > Jorick > > > > > > On 07/22/2014 12:16 PM, Oved Ourfali wrote: > > > > > > > > Setting PowerUser for some user on System or on a DC should be enough to > > create VMs on it. > > What error do you get? > > Can you share your logs? > > > > ----- Original Message ----- > > > > > > > > From: "Jorick Astrego" <j.astr...@netbulae.eu> Cc: users@ovirt.org Sent: > > Tuesday, July 22, 2014 12:26:38 PM > > Subject: Re: [ovirt-users] user permissions > > > > I had it set on the system (with the configure button) and the DC but > > tried every combination I could think off. > > > > Also created a new user type role with all the user permissions selected. > > > > Kind regards, > > Jorick Astrego > > > > > > > > On 07/22/2014 11:16 AM, Oved Ourfali wrote: > > > > > > > > On what object did you assign the PowerUser role? > > A permission consist of user+role+object. > > > > ----- Original Message ----- > > > > > > > > From: "Jorick Astrego" <j.astr...@netbulae.eu> To: users@ovirt.org Sent: > > Tuesday, July 22, 2014 11:43:43 AM > > Subject: Re: [ovirt-users] user permissions > > > > Hi, > > > > Sorry let be a bit more clear. I want to have a user that can log into the > > user portal and create vm's, stop them, add disks etc. But only as a user. > > > > I tried the poweruser role and can do all things except creating a new VM. > > I > > also want the user to only see and manipulate his own VM's and not the > > other > > ones running on the same system. > > > > Even with the PowerUser role, I am not able to create a new VM as this > > user. > > Also when I edit the built-in PowerUser role, I only see the following > > rights selected: > > > > Login Permissions > > > > Template > > > > Provisioning Operations > > Create > > > > VM > > > > > > Provisioning Operations > > Edit properties > > Create > > > > Disk > > > > Provisioning Operations > > Create > > > > Everything else is deselected. > > > > Kind regards, > > > > Jorick Astrego > > Netbulae > > > > On 07/22/2014 10:35 AM, Oved Ourfali wrote: > > > > > > > > Hi > > > > You didn't really specify what you would like to accomplish, and what > > permissions were granted and on what object. > > In general, we have two types of roles: User and Admin roles. > > If a user has any admin role on any object, then he can login to the admin > > portal. > > So, as long as you don't assign the user with admin role he will not be > > able > > to login to the admin portal. > > > > Giving PowerUser role on a DC will allow the user to create VMs and Disks > > through the user portal. > > Is that what you would like to accomplish? > > > > Oved > > > > ----- Original Message ----- > > > > > > > > From: "Jorick Astrego" <j.astr...@netbulae.eu> To: users@ovirt.org Sent: > > Tuesday, July 22, 2014 11:32:16 AM > > Subject: [ovirt-users] user permissions > > > > Hi, > > > > In our 3.4.3 environment I started adding external users (it is > > connected to a freeipa server) and I'm having some problems setting the > > correct permissions. > > > > When I give all user roles to a user, I cannot create a vm and get an > > error "User is not authorized to perform this action". I tried setting > > it on the system level, DC level and cluster level. > > > > I needed to give this user an administrator role with only exactly the > > same vm and disk permissions (nothing extra) and things work ok, but he > > can now login to the admin portal. So I blocked it with a .htaccess > > which is not the prettiest solution. > > > > Am I doing things wrong? > > > > Also the user disappeared from the "System permissions" overview but can > > still login, which is a bit weird. > > > > Kind regards, > > > > Jorick Astrego > > Netbulae > > > > _______________________________________________ > > Users mailing list Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > _______________________________________________ > > Users mailing list Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > _______________________________________________ > > Users mailing list Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users