Problem for user permission to only start, restart, shutdown one node

Altrove

Active Member
Apr 27, 2016
14
10
43
54
www.altrove.info
Hi to All,
i am this problem, i have crated the additional Role:

pveum roleadd Sys_Power-only -privs "Sys.PowerMgmt Sys.Console"

and i have add a permissions to the user "pippo" (is a PVE user autentication) for only start, stop, reset, shutdown the node, i have only one node and the name of node il "pvemido1"

in the permission i have selected the path to: /nodes/pvemido1 and the user "pippo" and the permission "Sys_Power-only" but when i log-in with this user i have not the option active for start, stop, reset, shutdown the node the selection are grey and non clickable....

i have changed the path to only "/" for the permission but the situation is the same... help... ths

ps. i have a Proxmox 4.1

Code:
proxmox-ve: 4.1-39 (running kernel: 4.2.8-1-pve)
pve-manager: 4.1-22 (running version: 4.1-22/aca130cf)
pve-kernel-4.2.6-1-pve: 4.2.6-36
pve-kernel-4.2.8-1-pve: 4.2.8-39
pve-kernel-4.2.2-1-pve: 4.2.2-16
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-36
qemu-server: 4.0-64
pve-firmware: 1.1-7
libpve-common-perl: 4.0-54
libpve-access-control: 4.0-13
libpve-storage-perl: 4.0-45
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-9
pve-container: 1.0-52
pve-firewall: 2.0-22
pve-ha-manager: 1.0-25
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u1
lxc-pve: 1.1.5-7
lxcfs: 2.0.0-pve2
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5-pve7~jessie
 
Not sure if that help in your case, but you can restrict access to storages for specified nodes.

And please stop this double posting!
 
I see - you cannot do that, sorry. But it does not make much sense in my opinion..

Ok, my request stems from the need to give to my client access only VM (PVEVMAdmin and works) then the storage (PVEDatastoreAdmin and it works), then this user as well as to manage the VM Backup and sun without altering the configuration must PVE you can always switch off your PVE and of course VMs which with permission PVEVMAdmin is able to do it, just missing the opportunity for various reasons (maintenance, etc.) can make shutdown of PVE, it does not seem such a strange request .. and then I ask then what is it for me, "Sys.PowerMgmt: node power management (start, stop, reset, shutdown, ...)" in the section that concerns precisely nodes at this link (http://pve.proxmox.com/ wiki / User_Management # Node_.2F_System_related_privileges)
Thank you
 
Try also granting the sys.audit permission. They'll seemingly get access to all the settings but will get permission denied when they try to change them. However they will be able to reboot and shutdown a node.
 
  • Like
Reactions: Loopo

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!