openvswitch permissions missing?

athompso

I'm trying to use pools and roles to allow limited user self-service, but I'm stuck on allowing them to create their own VMs. The sticking point appears, I think(???) to be that I'm using OpenvSwitch. Openvswitch works great for my needs, but I don't see any permissions for it in the PVE model, and when a role-assigned user tries to create a new VM, unless they have Administrator permission on "/", they don't see any bridge devices to attach to the VM.

Am I missing something obvious? I would like to continue using openvswitch, it makes VLAN management so incredibly easy compared to the Linux VLAN-based bridges.

Thoughts? Ideas?

thanks,
-Adam
 
Further testing reveals that PVEAuditor permissions at "/" are adequate to let the user see vmbr0, but VM creation fails with:
Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use) (403)

Oh, even though I'm not [knowingly!] using SDN in any way, adding them as "SDNUser" to "/" seems to work.
Ah, even better, adding them as "SDNUser" role to "/sdn/zones/localnetwork" is adequate to allow them to create VMs.

Did I miss this in the docs somewhere? I admit I didn't pay much attention to the new SDN features b/c I don't need SDN features.
-Adam
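
Added example (not part of the original posts and not Proxmox code): a simplified Python model of path-based ACL resolution, showing why the three grants tried in this thread behave differently and why the zone-level grant is the least-privilege one. The role privilege sets, the rule that the closest path with a grant wins, the user name and the second zone path are assumptions made for illustration.

```python
# Simplified model (assumption): grants propagate down the tree and the
# closest path that has a grant for the user decides the effective roles.
ROLES = {  # privilege sets are assumptions, trimmed to what this thread needs
    "PVEAuditor": {"Sys.Audit", "SDN.Audit"},
    "SDNUser": {"SDN.Audit", "SDN.Use"},
}

def ancestors(path):
    """Yield the path itself, then each parent, ending with '/'."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts), 0, -1):
        yield "/" + "/".join(parts[:i])
    yield "/"

def effective_privs(acl, user, path):
    """acl is a list of (path, user, role, propagate) tuples."""
    for depth, node in enumerate(ancestors(path)):
        roles = [r for (p, u, r, prop) in acl
                 if p == node and u == user and (depth == 0 or prop)]
        if roles:  # closest grant wins, parents are not consulted
            return set().union(*(ROLES[r] for r in roles))
    return set()

def check(acl, user, path, priv):
    return priv in effective_privs(acl, user, path)

USER = "alice@pve"                            # constructed user
BRIDGE = "/sdn/zones/localnetwork/vmbr0"      # path from the 403 message
OTHER = "/sdn/zones/otherzone/vnet1"          # hypothetical second zone

GRANTS = {
    "PVEAuditor on /": [("/", USER, "PVEAuditor", True)],
    "SDNUser on /": [("/", USER, "SDNUser", True)],
    "SDNUser on zone": [("/sdn/zones/localnetwork", USER, "SDNUser", True)],
}

def summary():
    """Map each grant to (SDN.Use on vmbr0, SDN.Use on the other zone)."""
    return {name: (check(acl, USER, BRIDGE, "SDN.Use"),
                   check(acl, USER, OTHER, "SDN.Use"))
            for name, acl in GRANTS.items()}

if __name__ == "__main__":
    for name, result in summary().items():
        print(f"{name:18} vmbr0={result[0]!s:5} other zone={result[1]}")
```

In this model only the zone-level grant allows use of vmbr0 without also allowing use of every other SDN zone.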