Hi all,
I've upgraded to the RC1 release today and I'm trying out the new permissions model. I've created a group and a user belonging to that group using the Proxmox VE authentication method. After that, I've added a resource pool with a few vm's in it and the storage that these VM's use (KVM with NFS shares). Added permissions "PVEVMAdmin" to this resource pool.
Now, when logging in as this user I can manage the VM's correctly, but since this user doesn't have access to any of the physical nodes, wouldn't it make more sense to not show these in the interface?
Ideally I would be able to limit the user's view to a view where the user sees only what he/she has access to. Since I've appointed only VM administration rights, the user has no business knowing on which physical server his VM is running on or how many physical nodes there are in the datacenter. Is it possible to do this in configuration files or through the CLI? Am I missing something?
Edit: also, PVEDatastoreUser -> I want my users to be able to upload ISO files to their datastores, is that Datastore.AllocateTemplate they need? How would I add that permission to the PVEDatastoreUser role? Is there anything they would be able to do besides upload ISO files that they shouldn't be able to do?
In any case, awesome job on the new release!
Best regards,
Koen
I've upgraded to the RC1 release today and I'm trying out the new permissions model. I've created a group and a user belonging to that group using the Proxmox VE authentication method. After that, I've added a resource pool with a few vm's in it and the storage that these VM's use (KVM with NFS shares). Added permissions "PVEVMAdmin" to this resource pool.
Now, when logging in as this user I can manage the VM's correctly, but since this user doesn't have access to any of the physical nodes, wouldn't it make more sense to not show these in the interface?
Ideally I would be able to limit the user's view to a view where the user sees only what he/she has access to. Since I've appointed only VM administration rights, the user has no business knowing on which physical server his VM is running on or how many physical nodes there are in the datacenter. Is it possible to do this in configuration files or through the CLI? Am I missing something?
Edit: also, PVEDatastoreUser -> I want my users to be able to upload ISO files to their datastores, is that Datastore.AllocateTemplate they need? How would I add that permission to the PVEDatastoreUser role? Is there anything they would be able to do besides upload ISO files that they shouldn't be able to do?
In any case, awesome job on the new release!
Best regards,
Koen
Last edited: