Permissions for accessing Qemu agent info


Aug 30, 2018
I am trying figure out what permission is need to access the agent info through the PVE API. I have a users that is setup wit the role of PVEAuditor and can access what agent info is available through /api2/json/nodes/{node}/qemu/{vmid}/agent. But if I try and access info such as the network interface information through /api2/json/nodes/{node}/qemu/{vmid}/agent/network-get-interfaces I end up with a 403. I have been searching all morning trying to figure out which permissions grant that but can't seem to find it anywhere. Does anyone know what controls access to these agent URLs?

I see that it requires VM.Monitor which states it grants access to VM monitor (kvm). Is there a document that states what api functions this permission has access to? Some sort of reverse mapping?


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!