Product SiteDocumentation Site

3. Verify User Permissions

To verify that the Storage Administrator role has been correctly assigned, sign out and log in to the Red Hat Enterprise Virtualization Manager administration portal as rhevuser, then perform a few storage configuration options.
To verify StorageAdmin permissions
  1. Navigate to the Tree pane and click the Expand All button. Under Default, click Storage. The available storage domains displays in the Storage tab.
  2. Select local-iso-domain. On the details pane, select the Data Center tab and click the Maintenance button. The ISO storage domain is deactivated, and appears as Inactive in the Storage pane.
  3. Select the Data storage domain. On the details pane, select the Data Center tab and click the Maintenance button. This time you will get an error message stating "User is not authorized to perform this action". This happened because you gave administrative permissions only for the ISO domain, not the Data domain.
  4. Select the ISO domain again and click the Data Center tab on the details pane. Click Activate. The domain is activated, and displays as Active in the Storage pane.
Next, verify that the PowerUserRole has been correctly assigned. You should still be logged in as rhevuser.
To verify PowerUserRole permissions
  1. On the Tree pane, click Expand All. Under the Default data center and Default host cluster, click the Virtual Machines icon. The available virtual machines display in the Virtual Machines tab.
  2. Select the RHEL6Thames virtual machine and try to stop it if it is running, or play it if it is not running. You should succeed.
  3. Select a different virtual machine, and try to do the same. This time you should get the "User is not authorized to perform this action" message. This is because you only assigned power user permissions for RHEL6Thames and not the second virtual machine.
As you have seen in this lab, you can configure different levels of permissions for different users on multiple objects. This multi-level administration system is ideal for organizations with a diverse range of users who have different needs, and allows for enhanced security in that only specifically assigned users will be able to make system-wide changes.