Hi Team,
I have a new PVE cluster that I am trying to configure with access permissions for systems admin staff. I’m really struggling with this so I would appreciate some guidance if possible.
The staff will need to be able to action the following tasks:
The goal is to essentially allow full VM administration and monitoring of the environment without giving the ability to accidently change system, cluster, ceph settings etc
In an attempt to achieve the above, I have created a user group “SuperAdmin” containing a user “sys.admin”. I have also create a custom role named “SuperAdmin” with the following privileges:
I have added the following under permissions for group “SuperAdmin” with the “SuperAdmin” role:
When I login with user “sys.admin”:
Can create VM’s, power on, open view console, stop, edit, remove.
Can migrate VM’s between hosts
View host CPU/Memory utilisation
Have access only to Ceph storage pools
Can upload media to CephFS
Can view Ceph usage
What I am missing right now though is the ability to add VM’s to HA:
I'd appreciate any input and assistance with this.
Thank you
I have a new PVE cluster that I am trying to configure with access permissions for systems admin staff. I’m really struggling with this so I would appreciate some guidance if possible.
The staff will need to be able to action the following tasks:
- Full control of VM’s (create, remove, edit config etc)
- Add VM’s to HA groups
- Migrate VM’s between hosts
- View host CPU/Memory utilisation
- Access only to Ceph storage pools
- Upload media to CephFS
- View Ceph storage utilisation
- Access only to SDN VNets
The goal is to essentially allow full VM administration and monitoring of the environment without giving the ability to accidently change system, cluster, ceph settings etc
In an attempt to achieve the above, I have created a user group “SuperAdmin” containing a user “sys.admin”. I have also create a custom role named “SuperAdmin” with the following privileges:
Datastore.Allocate, Datastore.AllocateSpace, Datastore.AllocateTemplate, Datastore.Audit, SDN.Allocate, SDN.Audit, SDN.Use, Sys.Audit, Sys.Console, VM.Allocate, VM.Audit, VM.Clone, VM.Config.CDROM, VM.Config.CPU, VM.Config.Cloudinit, VM.Config.Disk, VM.Config.HWType, VM.Config.Memory, VM.Config.Network, VM.Config.Options, VM.Console, VM.Migrate, VM.Monitor, VM.PowerMgmt, VM.Snapshot.Rollback, VM.SnapshotI have added the following under permissions for group “SuperAdmin” with the “SuperAdmin” role:
/nodes/sdn/zones/xxxx/storage/ceph-iso-store/storage/ceph-vm-store/vmsWhen I login with user “sys.admin”:
Can create VM’s, power on, open view console, stop, edit, remove.
Can migrate VM’s between hosts
View host CPU/Memory utilisation
Have access only to Ceph storage pools
Can upload media to CephFS
Can view Ceph usage
What I am missing right now though is the ability to add VM’s to HA:
I'd appreciate any input and assistance with this.
Thank you
