adding a "View only" user?

Y

YBEY

New Member
Jun 22, 2015
10
0
1
Hey guys, i manage the Proxmox in my company.
i want a user that will allow people to log on to the machines (we're using spice) and use them - thats it, they shouldnt have teh ability to start/stop/clone/create/remove machines.

But i can't seem to find the correct privilege level for that.

help please?
 
You can create your own roles, but not over the GUI, ssh into one of your nodes and execute "pvesh" (it's a shell for the PVE API). Now enter something like:
Code: 
create access/roles -roleid only_console_role -privs VM.Console
and you have created your own role. You should see it now also in the in the web gui interface and should be able to use it like any other role.

To add more privileges separate them with comma (no whitespace), like: ... -privs Vm.Console,VM.Audit

EDIT:
for the sake of completeness: there is also the pve user manager: pveum
To view its capabilities use:
Code: 
pveum help
Take also a look at: https://pve.proxmox.com/wiki/User_Management#Roles
 
Last edited:
Thank you for the amazingly awesome response.

gonna need a-bit more spoon feeding here.
I did as you said (again, thank you), but now when i log-in using that user i cant even VIEW the machines itself, only:
+Datacenter
Boxname

Without ability to access the consoles themselves.

PS - will changing the SSH port on the main host machine ("Boxname") cause any issues in Proxmox?
 
Use also VM.Audit as privilege, so its -privs VM.Console,VM.Audit
Note: I edited my post above, you can also use the pveum command, it's maybe a bit more intuitive.

Would bring up problems when adding nodes to the cluster using this one, as it uses ssh. Maybe also some other problems, I'm currently not aware off, wouldn't recommend it, atm.
 
Thank you.
Could you tell me the command to remove a Priv as well?

bless you!
 
Use
Code: 
pveum rolemod rolename -privs VM.Console
the -privs here are the new privileges the role has after editing it. To delete one privilege, you have to add everyone minus the privilege to delete to this command.
When you want to append privileges to roles, use the "-append 1" flag, so you don't have to enter all privs the role has already.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back