Privilege für User can use PM Firewall

[informant]

Hi, what privileg do i must set, that a user can use/set/edit firewall rules on his vm only? I can not found a privileg n other Rule Groups for Firewall !
regards

 

[informant]

Hi, we have a own group for custumers, but i dont find a "Virtual machine related privileges" for add/edit /delete a firewall entry or for firewall controlling... in your wiki it was not listed https://pve.proxmox.com/wiki/User_Management
what is rule name for firewall in a vm? at moment my user role has following entry: VM.Config.CDROM, VM.Snapshot, VM.Console, VM.Audit, VM.PowerMgmt

regards

 

[fabian]

VM.Config.Network, see PVE API Viewer

 

[informant]

yes, but if i set this rule, customer can remove her network controller ... thats not good. i need a rule only for firewall, that can use set here? well we do activate firewall in network controller directly, customer must edit remove add ... firewall rules only
regards

 

[fabian]

no, there are no separate firewall permissions like that.

 

[informant]

can you impelment this, well cust must have access to firewall if it was activated

 

[fabian]

configuring just the firewall without the network itself is only rarely needed (they are basically on the same level of 'what can go wrong'), but complicates the checks. your users can just configure a firewall inside the guest if they want full autonomy over their part of the firewall, but you don't want to give them the option to modify it on the PVE side.

 

[informant]

hi enduser do not change network options, they do only use console restart dashbaord for viewing and firewall. bu do not change his server config. server config include network do only admins.

 

[fabian]

like I said - if you want this, your users need to configure the firewall inside their guest, not on the PVE side.

 

[informant]

ok hm