Hey,
I'm trying to make sure that I'm not missing anything.
If I use Proxmox with PBS added as Storage for Backups, and I set a Retention Schedule inside the Backup Job (or the Storage Config), the user that is used to login into the PBS need the Permission
I think giving your host the
That means if you want good (better) security, you should configure backup retention & pruning in the PBS itself, right?
If that is all correct, it would be amazing if there was a little bit more flexibility for retention / pruning, like
I'm trying to make sure that I'm not missing anything.
If I use Proxmox with PBS added as Storage for Backups, and I set a Retention Schedule inside the Backup Job (or the Storage Config), the user that is used to login into the PBS need the Permission
Datastore.Prune,correct?I think giving your host the
Datastore.Prunepermission is really not a good idea (large blast radius if your Proxmox host gets pwned).That means if you want good (better) security, you should configure backup retention & pruning in the PBS itself, right?
If that is all correct, it would be amazing if there was a little bit more flexibility for retention / pruning, like
- being able to override pruning for specific backup groups (perhaps auto synced with a retention setting in Proxmox somehow? but auto sync is a potential security issue)
- being able to specify a sub-namespace in backup jobs in proxmox (that is "added" to the namespace specified when you add the PBS as storage) - right now it seems like if you want to target multiple namespaces (in order to have different PBS-side retention policies without granting the
Datastore.Prunepermission), you have to add the same PBS server multiple times
- being able to change / edit the namespace after a PBS has been added