[SOLVED] Cant do an upgrade task in GUI with an admin account from PVE realm

G

ggambini

New Member
Sep 4, 2024
3
0
1
Hello

I have a little cluster with 4 nodes. I also create some users at "datacenter" level in PVE webUI and give them administrator builtin role on / path. When im logged with one of this users, "upgrade" button is disabled in update menu on each host. If im logged with PAM root, upgrade button not disabled.

I cant find what i have miss in my configuration, if someone have some hints :)

Have a nice day, Gamb.
 
Hi, can you please share the ACL for the admin user? you can find the ACL in /etc/pve/user.cfg this can help us to see if the permission you gave to the user is correct or not.
 
upgrading is only possible for root@pam, since it effectively gives you a root shell on the host.
 
  • Like
Reactions: Moayad
Hello

Thanks for replying. Here my user.cfg (without real login ofc) :

Code: 
user:titi@pve:1:0::::::
user:toto@pve:1:0:::::x:
user:root@pam:1:0:::root@domain.fr::x:

group:admin:toto@pve,titi@pve::

role:admin:Datastore.Allocate,Datastore.AllocateSpace,Datastore.AllocateTemplate,Datastore.Audit,Group.Allocate,Mapping.Audit,Mapping.Modify,Mapping.Use,Permissions.Modify,Pool.Allocate,Pool.Audit,Realm.Allocate,Realm.AllocateUser,SDN.Allocate,SDN.Audit,SDN.Use,Sys.AccessNetwork,Sys.Audit,Sys.Console,Sys.Incoming,Sys.Modify,Sys.PowerMgmt,Sys.Syslog,User.Modify,VM.Allocate,VM.Audit,VM.Backup,VM.Clone,VM.Config.CDROM,VM.Config.CPU,VM.Config.Cloudinit,VM.Config.Disk,VM.Config.HWType,VM.Config.Memory,VM.Config.Network,VM.Config.Options,VM.Console,VM.Migrate,VM.Monitor,VM.PowerMgmt,VM.Snapshot,VM.Snapshot.Rollback:

acl:1:/:@admin:Administrator,admin:

@fabian : Its confirmed that a @pve user cant do upgrade task on pve node ? Ideally, each administrator have his own user (for auditing) and root@pam only used as a backup account. It not possible to do this ? sad :(

Best regard, Gamb.
 
You must log in or register to reply here.
Top Bottom