ManageIQ
-
|
Hi guys, We are using ManageIQ with AD authentication and need to ensure that students can only see their own instances. Currently, we can restrict access per project group, but all members of the group see all project instances. Our requirements: Is there a way to configure per-user tenants or policies? If not, can you recommend an alternative structure so students only see their own instances without complex administration? Thank you Best regards, Peter |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 23 replies
-
|
We don't have per-user tenant policies nor quotas, but we do have user-ownership of resources. You should be able to configure group-level quota, but still set the owner of a VM to a specific user. Then using RBAC, you can set the group to only be able to see user-owned resources. |
Beta Was this translation helpful? Give feedback.
-
|
Hey yeah there is a lot going on in this thread so if we can open separate issues on what specifically you're seeing that would be really helpful. |
Beta Was this translation helpful? Give feedback.
-
|
Not expecting anything different from this thread, Adam. Based on the points already mentioned, the expectation is the same for both user access and utilization. For utilization, I got the same output as mentioned. |
Beta Was this translation helpful? Give feedback.
-
|
@dhamo-ror you mentioned something about metrics and gnocchi not working as expected which sounds very different from user access and quotas. Maybe I misunderstood though. |
Beta Was this translation helpful? Give feedback.
-
|
Based on the original question, it sounds like @Fryguy's https://github.com/orgs/ManageIQ/discussions/23629#discussioncomment-14701254 is the answer. Anything else should be its own issue IMO |
Beta Was this translation helpful? Give feedback.
-
|
Yes Adam, I faced issues in gnnochi for metrics, I'll create a new issue for that |
Beta Was this translation helpful? Give feedback.
We don't have per-user tenant policies nor quotas, but we do have user-ownership of resources. You should be able to configure group-level quota, but still set the owner of a VM to a specific user. Then using RBAC, you can set the group to only be able to see user-owned resources.