permissions removable datastore

Thomas Jagoditsch

Renowned Member
Jan 22, 2016
hi @all,


i'm trying to get a grip on removable datastores and on a workable procedure for a backup operator user.
in my book a backup operator user should be able to
  • mount the removable drive
  • see stats like free space
  • start a pre-defined sync-job (local to removable, remote to removable), no time/schedule, manual
  • get a mail when this job is finished
  • unmount the removable drive
i defined an operator user and gave him / = Audit so that he at least gets no error message from the UI
i then added
  • /datastore/<datastore> = DataStorePowerUser
but the user can't see (and start ..) a defined sync job. he sees the mount/unmount buttons tho - but gets a 400 when trying.
OTOH if i give him
  • /datastore/<datastore> = DataStoreAdmin
then he can run the sync job - but also change/delete them. mount/unmount gets him a 403.

has anybody a clue which permissions/combinations are needed to allow the mount/unmount/sync but not the modifications?

wbr,tja...
 
that depends on the sync job. unmounting is a highly privileged operation, but you could probably automate that in a different fashion (e.g., upon sync completion by hooking into a notification?)
 
hi, thx for your reply.

unmounting is only part of the problem - although a hook on the notification is a nice idea.

mounting and running the sync would be necessary too.

fine grained permissions for these operations would be very useful.

wbr,tja...
 
mounting should happen automatically if you have a single removable datastore. sync has its own permissions, see the documentation.