Permissions required to create the VM

[zerkms]

Hi

The proxmox used is: Version 2.1-1/f9b0f63a

What I need: to create a user with minimal possible set of permissions to create VMs (openvz) and destroy created VMs

What I've done: I've created a user with PVE authentication, for the testing added it to the Administrators group of the storage, but when I press the "Create CT" button and go through the VM creation wizard form, after I press "Finish" I'm getting "Permission check failed (403)"

What have I missed?

 

[dietmar]

Hard to say without details (/etc/pve/user.cfg).

 

[zerkms]

Here it is.

user:tst-user@pve:1:0:Test:User:email@domain:*ONLY* for testing purposes:user:root@pam:1:0:::::


group:test::Testers:
group:developer::Developers:






acl:1:/storage/backup-tmp:tst-user@pve:Administrator,PVEVMAdmin:
acl:1:/storage/local:tst-user@pve:Administrator,PVEVMAdmin:
acl:1:/vms/118:tst-user@pve:Administrator:

Still couldn't solve it, hmmmmm. Seems like I'm missing something obvious

 

[dietmar]

acl:1:/vms/118:tst-user@pve:Administrator:

Still couldn't solve it, hmmmmm. Seems like I'm missing something obvious

You just give permissions for /vms/118? You want:

acl:1:/vms:tst-user@pve:Administrator:

 

[zerkms]

Not actually, I want to give the permissions sufficient to create new VMs (on a particular node or the whole cluster)

 

[dietmar]

Not actually, I want to give the permissions sufficient to create new VMs (on a particular node or the whole cluster)

Sure, simply use the role you want:

acl:1:/vms:tst-user@pve:PVEVMAdmin:

 

[zerkms]

Right, it was easy

Thank you

 

[zerkms]

Btw, where can I find description for the all ACL paths, like /vms, /storage and others?

 

[dietmar]

Btw, where can I find description for the all ACL paths, like /vms, /storage and others?

There is not much more: also see http://pve.proxmox.com/wiki/User_Management

The formal API definition documents what permissions you need for any API call:

http://pve.proxmox.com/pve2-api-doc/