[SOLVED] VM.Console require VM.Audit

Brskt

New Member
Oct 5, 2022
6
1
3
Hello,

We have on our production the permission VM.Console with the Proxmox version 6.x for the clients to access their KVM Console but, as I can see with the version 7.x, it require VM.Audit which I don't want to give.

How can I give KVM console access without this permission ?

Regards.
 
  • Like
Reactions: bondif
the console itself still only requires VM.Console, but the VM is not listed in the tree and the console therefor not available in the GUI - correct?
 
Yes, that is correct.

When trying to access the console, I got Error 403: Permission check failed (/vms/457, VM.Audit) error. When this permission is gaven, the client is able to access the console.
 
but you see the VM in the resource tree on the left hand side?
 
how do you access the VM? it's not included in any lists/trees for me with only VM.Console..
 
When we access the console, a temporary user is created with the VM.Console permission on the specific VM and client got redirected on a specific link, eg :
Code:
?console=kvm&novnc=1&vmid=(vmid)&node=(nodeid)&resize=off&cmd=
 
Last edited:
which request exactly gives you the 403 error lacking VM.Audit?
 
The request who give 403 is https://URL/api2/json/nodes/(nodename)/qemu/(vmid)/status/current?

Also, with the Proxmox 6.x, there is no "current" request but https://URL/api2/json/nodes/(nodename)/qemu/(vmid)/vncproxy
 
Last edited:
Hi,
I have the same issue on version 7.3.6 How did you solve it? I can't decipher the email.
the patch from the mail is already included in novnc-pve: 1.4.0-1 (check with e.g. dpkg-query --list novnc-pve if you already have it). If you already have it, please describe your issue in more detail. What are you doing exactly and what error message do you get?
 
Hi,
Hi,

the patch from the mail is already included in novnc-pve: 1.4.0-1 (check with e.g. dpkg-query --list novnc-pve if you already have it). If you already have it, please describe your issue in more detail. What are you doing exactly and what error message do you get?
Yes, I already have it.
The problem is that I have a user with VM.Console, VM.Monitor, VM.PowerMgmt privileges on a single VM, but he cannot see it on the UI.
It only appears when I add the VM.Audit privilege.

Regards,
 
Hi,

Yes, I already have it.
The problem is that I have a user with VM.Console, VM.Monitor, VM.PowerMgmt privileges on a single VM, but he cannot see it on the UI.
It only appears when I add the VM.Audit privilege.

Regards,
Yes, but that is expected. Listing the VM requires the VM.Audit privilege. That's what the permission is for, so very unlikely to change. The issue this thread is about is accessing the console via API without VM.Audit. That should work now.
 
  • Like
Reactions: bondif

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!