[SOLVED] Minimum rights for pushing a sync job to another pbs

[silbro]

Hi all

I've seen this wiki entry, but don't fully understand it:
https://pbs.proxmox.com/docs/managing-remotes.html

My situation:
I have 2 pbs servers. pbs1 and pbs2. pbs1 is on site and pbs2 is on a remote site. I want to push all the backups of the pbs1 to pbs2.

My question:
I created a user on pbs2 called sync. I want to give this user the minimal needed rights so I can push from pbs1 to pbs2 into the Namespace Sync. There are other namespaces that will be created there, at least initially. When would I need to use Remote rights and when not? What permissions do I need to give this user on pbs2?:






Thanks for any help, it is much appreciated!
silbro

 

[Chris]

Hi,

When would I need to use Remote rights and when not? What permissions do I need to give this user on pbs2?:

Remote rights are only required if that user should be able to interact with datastores on remote PBS instances. Since your user is local to pbs2, it only requires the permissions to interact with the local datastore. So at least Datastore.Backup on that namespace, if you would like also the remove vanished, it has to also have Datastore.Modify to delete namespaces and Datastore.Prune to delete snapshots and groups.

This user has then to be used to connect to the remote on your pbs1 instance, where the user running the sync job needs the documented permissions on the source datastore and the remote.

 

[silbro]

@Chris Thanks for your reply, it helped! I gave the user the following rights on pbs2:

This works