Hi all,
Still completely new to this ecosystem. I'm trying to create a PVE authenticated user with permissions to create other users with PVEVMUser permissions.
Steps I've taken:
1. Datacenter > Permissions > Users > Add (Realm: PVE)
2. Datacenter > Pools > Create
3. Pool_Name > Permissions > Add > User Permission (Role: PVEAdmin)
I am failing at permission Realm.AllocateUser.
Permissions under PVEAdmin are:
But ticket permissions from /access/ticket seem to indicate that certain features are not exposed:
I've tried creating a new role and assigning all permissions to the user but am still getting the same response for the ticket, even as the permissions match the root user entirely:
Ticket permissions are still the same:
The root user generates a different ticket with everything:
Also, it seems like the Realm permissions are not showing up for root user either?
Logging into the GUI directly with the created user, I only see the options Storage and Users under Datacenter in addition to the option to create VM/CTs. However, the Datacenter > Users section is read-only, I only see 1 user which is the same user I'm logged in as and the only options available are Password/TFA. The Add/Edit/Remove options are greyed out. This is even though I have given the user the exact same permissions as the root user.
What am I doing wrong?
Thanks!
Still completely new to this ecosystem. I'm trying to create a PVE authenticated user with permissions to create other users with PVEVMUser permissions.
Steps I've taken:
1. Datacenter > Permissions > Users > Add (Realm: PVE)
2. Datacenter > Pools > Create
3. Pool_Name > Permissions > Add > User Permission (Role: PVEAdmin)
I am failing at permission Realm.AllocateUser.
Permissions under PVEAdmin are:
Code:
VM.Migrate, VM.Config.CDROM, VM.Config.Network, Datastore.AllocateTemplate, VM.Config.Memory, VM.Config.CPU, Datastore.Audit, VM.Backup, Pool.Allocate, VM.Config.Options, Sys.Console, Sys.Syslog, VM.Monitor, VM.Config.HWType, Sys.Audit, VM.Clone, Permissions.Modify, VM.Allocate, User.Modify, Group.Allocate, Datastore.Allocate, VM.Audit, VM.Snapshot, VM.Config.Disk, VM.PowerMgmt, Datastore.AllocateSpace, VM.Console, VM.Snapshot.Rollback, Realm.AllocateUserBut ticket permissions from /access/ticket seem to indicate that certain features are not exposed:
Code:
"cap": {
"storage": {
"Datastore.AllocateSpace": 1,
"Datastore.Allocate": 1,
"Datastore.Audit": 1,
"Datastore.AllocateTemplate": 1,
"Permissions.Modify": 1
},
"access": {},
"dc": {},
"nodes": {},
"vms": {
"VM.Audit": 1,
"Permissions.Modify": 1,
"VM.Config.Disk": 1,
"VM.Migrate": 1,
"VM.Config.Memory": 1,
"VM.Config.Network": 1,
"VM.Config.HWType": 1,
"VM.Backup": 1,
"VM.Config.CDROM": 1,
"VM.Snapshot": 1,
"VM.Monitor": 1,
"VM.Console": 1,
"VM.PowerMgmt": 1,
"VM.Snapshot.Rollback": 1,
"VM.Config.Options": 1,
"VM.Allocate": 1,
"VM.Config.CPU": 1,
"VM.Clone": 1
}
},I've tried creating a new role and assigning all permissions to the user but am still getting the same response for the ticket, even as the permissions match the root user entirely:
Code:
VM.Audit, VM.Config.Disk, VM.PowerMgmt, VM.Allocate, Group.Allocate, Datastore.Audit, Realm.AllocateUser, VM.Monitor, VM.Config.Network, Pool.Allocate, VM.Config.Options, Datastore.AllocateTemplate, VM.Config.CDROM, Sys.Syslog, VM.Console, Sys.Modify, VM.Snapshot.Rollback, VM.Migrate, User.Modify, VM.Clone, Sys.Audit, VM.Backup, Permissions.Modify, VM.Config.HWType, Sys.PowerMgmt, VM.Snapshot, VM.Config.Memory, VM.Config.CPU, Sys.Console, Realm.Allocate, Datastore.AllocateSpace, Datastore.AllocateTicket permissions are still the same:
Code:
"cap": {
"storage": {
"Datastore.AllocateSpace": 1,
"Datastore.Allocate": 1,
"Datastore.Audit": 1,
"Datastore.AllocateTemplate": 1,
"Permissions.Modify": 1
},
"access": {},
"dc": {},
"nodes": {},
"vms": {
"VM.Audit": 1,
"Permissions.Modify": 1,
"VM.Config.Disk": 1,
"VM.Migrate": 1,
"VM.Config.Memory": 1,
"VM.Config.Network": 1,
"VM.Config.HWType": 1,
"VM.Backup": 1,
"VM.Config.CDROM": 1,
"VM.Snapshot": 1,
"VM.Monitor": 1,
"VM.Console": 1,
"VM.PowerMgmt": 1,
"VM.Snapshot.Rollback": 1,
"VM.Config.Options": 1,
"VM.Allocate": 1,
"VM.Config.CPU": 1,
"VM.Clone": 1
}
},The root user generates a different ticket with everything:
Code:
"cap": {
"storage": {
"Datastore.Audit": 1,
"Datastore.AllocateSpace": 1,
"Datastore.Allocate": 1,
"Permissions.Modify": 1,
"Datastore.AllocateTemplate": 1
},
"nodes": {
"Sys.Audit": 1,
"Sys.PowerMgmt": 1,
"Sys.Syslog": 1,
"Sys.Modify": 1,
"Sys.Console": 1,
"Permissions.Modify": 1
},
"vms": {
"VM.PowerMgmt": 1,
"VM.Config.Disk": 1,
"VM.Allocate": 1,
"VM.Config.CDROM": 1,
"VM.Console": 1,
"VM.Snapshot": 1,
"VM.Config.Options": 1,
"Permissions.Modify": 1,
"VM.Config.Memory": 1,
"VM.Config.HWType": 1,
"VM.Audit": 1,
"VM.Snapshot.Rollback": 1,
"VM.Config.Network": 1,
"VM.Monitor": 1,
"VM.Clone": 1,
"VM.Config.CPU": 1,
"VM.Backup": 1,
"VM.Migrate": 1
},
"access": {
"User.Modify": 1,
"Group.Allocate": 1,
"Permissions.Modify": 1
},
"dc": {
"Sys.Audit": 1
}
},Also, it seems like the Realm permissions are not showing up for root user either?
Logging into the GUI directly with the created user, I only see the options Storage and Users under Datacenter in addition to the option to create VM/CTs. However, the Datacenter > Users section is read-only, I only see 1 user which is the same user I'm logged in as and the only options available are Password/TFA. The Add/Edit/Remove options are greyed out. This is even though I have given the user the exact same permissions as the root user.
What am I doing wrong?
Thanks!
Last edited:
)