PVEUM Roleadd Privs

benafischer94

New Member
Sep 9, 2014
12
0
1
Hi all,

I'm looking for information regarding the types of privileges I can add to a role.

I have found this thread: http://forum.proxmox.com/threads/8397-User-permission-and-roles

But all that it was able to give was the following:
# pveum roleadd PVEDatastorePowerUser -privs "Datastore.AllocateSpace Datastore.Audit Datastore.AllocateTemplate"

Which wasn't too helpful. I'm curious what all types of roles and privs there are to assign. Specifically at this time I'm looking for a way to limit users to specific nodes in a cluster.

Man pveum wasn't too helpful either and then the wiki on this is rather empty so no additional info beside the default roles is provided.

Any help or resources would be greatly appreciated.

Regards,
Ben
 
I'm curious what all types of roles and privs there are to assign. Specifically at this time I'm looking for a way to limit users to specific nodes in a cluster.

You cannot do that - we want that all cluster nodes to behave similar, so this was not implemented.
 
You cannot do that - we want that all cluster nodes to behave similar, so this was not implemented.

It seems like something pretty trivial for when there's desire to have an overview of a cluster for the main administrators but have groups assigned to maintaining different groups of VMs. Especially since there's no tool to view multiple clusters at a time. I could see the reasoning for not allowing nodes in a cluster to behave differently to different users if there was a full overview tool for multiple clusters.

Also this doesn't answer the first part of the question as to what all the different privileges are that can be assigned to roles.
 
So apologies for not realizing that the info for the first part of the OP is in the Wiki.
Code:
[B]Privileges[/B]


A privilege is the right to perform a specific action. To simplify 
management, lists of privileges are grouped into roles, which can then 
be uses to set permissions.

We currently use the following privileges:


[B]Node / System related privileges[/B]



[LIST]
[*] Permissions.Modify: modify access permissions
[*] Sys.PowerMgmt: Node power management (start, stop, reset, shutdown, ...)
[*] Sys.Console: console access to Node
[*] Sys.Syslog: view Syslog
[*] Sys.Audit: view node status/config
[*] Sys.Modify: create/remove/modify node network parameters
[*] Group.Allocate: create/remove/modify groups
[*] Pool.Allocate: create/remove/modify a pool
[*] Realm.Allocate: create/remove/modify authentication realms
[*] Realm.AllocateUser: assign user to a realm
[*] User.Modify: create/remove/modify user access and details.
[/LIST]

[B]Virtual machine related privileges[/B]



[LIST]
[*] VM.Allocate: create/remove new VM to server inventory
[*] VM.Migrate: migrate VM to alternate server on cluster
[*] VM.PowerMgmt: power management (start, stop, reset, shutdown, ...)
[*] VM.Console: console access to VM
[*] VM.Monitor: access to VM monitor (kvm)
[*] VM.Backup: backup/restore VMs
[*] VM.Audit: view VM config
[*] VM.Clone: clone/copy a VM
[*] VM.Config.Disk: add/modify/delete Disks
[*] VM.Config.CDROM: eject/change CDROM
[*] VM.Config.CPU: modify CPU settings
[*] VM.Config.Memory: modify Memory settings
[*] VM.Config.Network: add/modify/delete Network devices
[*] VM.Config.HWType: modify emulated HW type
[*] VM.Config.Options: modify any other VM configuration
[*] VM.Snapshot: create/remove VM snapshots
[/LIST]

[B]Storage related privileges[/B]



[LIST]
[*] Datastore.Allocate: create/remove/modify a data store, delete volumes
[*] Datastore.AllocateSpace: allocate space on a datastore
[*] Datastore.AllocateTemplate: allocate/upload templates and iso images
[*] Datastore.Audit: view/browse a datastore
[/LIST]

I also think I may be able to achieve what I'm looking to do by using pools and allocating out a range for VMs.

Anyway thanks again,
Ben
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!