[SOLVED] Allow user to create VMs, but only see and manage those created by itself

N

Noah0302

Member
Jul 21, 2022
63
9
13
Hello guys,

I've been trying to find a better solution for my problem:
-Allow a user (test) to create VMs and manage those fully, but prevent user (test) from doing anything else, not even seeing if there are other VMs on the Host

I did this by moving all VMs to a pool, which user (test) is blocked from accessing, however this is a bit annoying, since every newly created VM has to be moved to this pool, in order for user (test) to not see it.

Is there a better way of doing this?

Thank you for reading!
 
Last edited:
Why not give the user permission only on a specific pool?
 
  • Like
Reactions: Noah0302
Ok so I think I figured it out, was confused before:
  1. Create a User (test)
  2. Create a Pool (test)
  3. Give the user (test@pve) the Administrator role on the Pool (/pool/test) and Storage (/storage) he should be able to use
  4. If the user wants to create a VM or CT, he just has to select his pool (test) when creating it, otherwise there will be a permission error
Screenshots below:
 

Attachments

  • 1-CreateUser.png
    1-CreateUser.png
    58.9 KB · Views: 401
  • 2-CreatePool.png
    2-CreatePool.png
    60.7 KB · Views: 403
  • 3-GivePermissions.png
    3-GivePermissions.png
    64.1 KB · Views: 430
  • 4-CreateVMs.png
    4-CreateVMs.png
    44.6 KB · Views: 385
  • 5-Result.png
    5-Result.png
    93.5 KB · Views: 372
Last edited:
  • Like
Reactions: Matthias.
Matthias. said:
Why not give the user permission only on a specific pool?
Click to expand...
Thank you, I thought I had to add NoAccess of "/" to the user "test", so this way to only way I found for the user to be able to create VMs.
I posted a reply above, with the steps I used.
 
Last edited:
Great! Please mark the thread as solved (edit it, there's a dropdown near the title) so others with the same problem can find it more easily.
 
Noah0302 said:
Thank you, I thought I had to add NoAccess of "/" to the user "test", so this way to only way I found for the user to be able to create VMs.
I posted a reply above, with the steps I used.
Click to expand...
Thanks for your help, but I wanted to mention, that the storage is shared, so student can attach to his own VM other classmate's vm-storage.
 
Noah0302 said:
Ok so I think I figured it out, was confused before:
  1. Create a User (test)
  2. Create a Pool (test)
  3. Give the user (test@pve) the Administrator role on the Pool (/pool/test) and Storage (/storage) he should be able to use
  4. If the user wants to create a VM or CT, he just has to select his pool (test) when creating it, otherwise there will be a permission error
Screenshots below:
Click to expand...

i am having the same issue and when i did the same and if i change to folder view -> storage -> volume -> vm disks that user is able to remove other VMs disk which is not under his pool!

i wonder if there is any better solution to this
 
This is great, I'm just curious how can I put the pool onto a seperate VLAN? I've checked pool, group, permission and roles but nothing that would force user1 to create and maanger their own VMs on the assigned VLAN
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom