[SOLVED] Allow user to create VMs, but only see and manage those created by itself

Noah0302

Member
Jul 21, 2022
62
8
13
Hello guys,

I've been trying to find a better solution for my problem:
-Allow a user (test) to create VMs and manage those fully, but prevent user (test) from doing anything else, not even seeing if there are other VMs on the Host

I did this by moving all VMs to a pool, which user (test) is blocked from accessing, however this is a bit annoying, since every newly created VM has to be moved to this pool, in order for user (test) to not see it.

Is there a better way of doing this?

Thank you for reading!
 
Last edited:
Why not give the user permission only on a specific pool?
 
  • Like
Reactions: Noah0302
Ok so I think I figured it out, was confused before:
  1. Create a User (test)
  2. Create a Pool (test)
  3. Give the user (test@pve) the Administrator role on the Pool (/pool/test) and Storage (/storage) he should be able to use
  4. If the user wants to create a VM or CT, he just has to select his pool (test) when creating it, otherwise there will be a permission error
Screenshots below:
 

Attachments

  • 1-CreateUser.png
    1-CreateUser.png
    58.9 KB · Views: 342
  • 2-CreatePool.png
    2-CreatePool.png
    60.7 KB · Views: 342
  • 3-GivePermissions.png
    3-GivePermissions.png
    64.1 KB · Views: 365
  • 4-CreateVMs.png
    4-CreateVMs.png
    44.6 KB · Views: 329
  • 5-Result.png
    5-Result.png
    93.5 KB · Views: 321
Last edited:
  • Like
Reactions: Matthias.
Why not give the user permission only on a specific pool?
Thank you, I thought I had to add NoAccess of "/" to the user "test", so this way to only way I found for the user to be able to create VMs.
I posted a reply above, with the steps I used.
 
Last edited:
Great! Please mark the thread as solved (edit it, there's a dropdown near the title) so others with the same problem can find it more easily.
 
Thank you, I thought I had to add NoAccess of "/" to the user "test", so this way to only way I found for the user to be able to create VMs.
I posted a reply above, with the steps I used.
Thanks for your help, but I wanted to mention, that the storage is shared, so student can attach to his own VM other classmate's vm-storage.
 
Ok so I think I figured it out, was confused before:
  1. Create a User (test)
  2. Create a Pool (test)
  3. Give the user (test@pve) the Administrator role on the Pool (/pool/test) and Storage (/storage) he should be able to use
  4. If the user wants to create a VM or CT, he just has to select his pool (test) when creating it, otherwise there will be a permission error
Screenshots below:

i am having the same issue and when i did the same and if i change to folder view -> storage -> volume -> vm disks that user is able to remove other VMs disk which is not under his pool!

i wonder if there is any better solution to this
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!