Permissions for Backup Management

[Leah]

Hey,

we have a proxmox cluster with globally (in the datacenter section) configured backups. In some cases users from a group that has access to a pool as PVEVMAdmin needs to reboot VMs during a backup. This is not possible during a backup run. Currently they need to ask a global admin with Administrator role to stop the backup to be able to reboot the VM. Which permission do I need to add to PVEVMAdmin to enable the users in a specific group to see the running backups in their pool and stop them if needed?

 

[jammin]

Through trial and error, I've found that the "sys.modify + sys.audit" permissions are required at the "/" level access to allow a user to create a backup Schedule under "Datacenter > Backup"

This is how to do that

1. Create Roll (Datacenter >Permssions > Rolls) with Privilege sys.modify + sys.audit
2. Create Group (Datacenter >Permssions > Groups) call it something useful ie "CreateBackups"
3. Add one or more users (Datacenter >Permssions > Users) to the Group created in step 2
4. Add a permission (Datacenter > Permissions)
- Path: "/"
- Group: Select Group created in step 3 (ie CreateBackups)
- Role: Select Roll created in step 1


Please note this wont allow the user to add/edit user permissions.

From the manual, this is what these permissions allow

Sys.Audit
Sys.Audit allows a user to know about the system and its status.

Sys.Modify
Sys.Modify allows a user to modify system-level configuration and apply updates.

source: https://pbs.proxmox.com/docs/user-management.html#privileges