Hi,
I read through the User Management KB article to get some background info and applied that below.
I am currently running version 5.4.13.
I created a new group -> users.
I created a new user account -> user1, and assigned it the new group.
I then added a new permission for the @users group to access /vms/101 and assigned it the role PVEVMAdmin.
When logging in as this new user I cannot see any resources in the web UI at all.
When I change the permission to the path /vms instead of /vms/101 then all the VMs are displayed when logging in as the new user.
Questions:
1. How do I restrict the console access to only VM101 and not show all the VMs? I would have assumed that assigning it the path /vms/101 would do it?
2. What are the absolute minimum privileges I have to assign to a new role to only allow a user to access the console and stop and start a VM? I assigned VM.Console, VM.PowerMgmt and VM.Audit?
Comments:
- It looks like propagation does not correctly update successive changes made to permissions. While testing I assigned various different roles, privileges and permissions. After cleaning them all out on the Permissions page some of the assigned privileges are still applied and active even though there is nothing displayed in Permissions. Do you manually have to restart any services to ensure changes and propagation are applied correctly?
Werner
I read through the User Management KB article to get some background info and applied that below.
I am currently running version 5.4.13.
I created a new group -> users.
I created a new user account -> user1, and assigned it the new group.
I then added a new permission for the @users group to access /vms/101 and assigned it the role PVEVMAdmin.
When logging in as this new user I cannot see any resources in the web UI at all.
When I change the permission to the path /vms instead of /vms/101 then all the VMs are displayed when logging in as the new user.
Questions:
1. How do I restrict the console access to only VM101 and not show all the VMs? I would have assumed that assigning it the path /vms/101 would do it?
2. What are the absolute minimum privileges I have to assign to a new role to only allow a user to access the console and stop and start a VM? I assigned VM.Console, VM.PowerMgmt and VM.Audit?
Comments:
- It looks like propagation does not correctly update successive changes made to permissions. While testing I assigned various different roles, privileges and permissions. After cleaning them all out on the Permissions page some of the assigned privileges are still applied and active even though there is nothing displayed in Permissions. Do you manually have to restart any services to ensure changes and propagation are applied correctly?
Werner
