SDN create VNet permission

Big4SMK

Let's say I create an SDN zone called "ExampleZone" with one VNet called "ExampleVNet". My goal is for a User "ExampleUser" to be able to create additional VNets in that zone.

Going through the API hierarchy in the docs here, he seems to need SDN.Audit and SDN.Allocate for the /sdn/zones/ExampleZone endpoint. However, even though I gave ExampleUser SDN.Audit, SDN.Allocate and SDN.Use permissions on that endpoint, he still doesn't see the SDN item under the Datacenter view to add additional VNets.

The user is able to use ExampleVNet for a VM, just not create additional VNets.

I'm wondering what else I need to add on PVE 8.2.4 to enable the user to add VNets in their zone.
 
I just tried that to no avail, with or without propagation. Thank you for the suggestion though!
 
I managed to get the SDN management widgets to pop up under "Datacenter" by giving my user the role PVEAdmin on / (non-propagating) and the role PVESDNAdmin on /sdn (non-propagating). I am trying to narrow the PVEAdmin privilege on / now. Also, although I do find the SDN management widgets, the user cannot create any new zone because it cannot "see" any IPAM. Did you find any solution since your last post?
 
I tinkered with permissions for a few hours, and I found the following:

* For the SDN menu, give privileges to your user/group:
  - Sys.Audit on /, no propagation
  - SDN.Audit on /sdn, no propagation
* For the IPAMs, including pve:
  - SDN.Audit on /sdn/ipams, propagation
* Connect to VM Bridge:
  - SDN.Use on /sdn/zones/localnetwork, propagate (all bridges)
  - SDN.Use on /sdn/zones/localnetwork/<bridge>, propagate (specific bridge)
  - SDN.Use on /sdn/zones/<zone>/<net>, propagate (specific SDN zone/net)
* Create Net in zone:
  - SDN.Allocate on /sdn/zones/zone, propagate
  - SDN.Allocate on /sdn, no propagate

I did not try whether the user-created SDN networks do work as intended.
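
The ACL list from the last post, written out as `pveum` commands with one single-privilege role per entry instead of a broad built-in role. This is an added example, not code from the thread: the role names (`SDNMenuSys`, `SDNAuditOnly`, `SDNAllocOnly`, `SDNUseOnly`) and the `@pve` realm are assumptions, and it only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not from the thread. Role names below are hypothetical.
# Dry run by default: prints each pveum command. Set APPLY=1 to also run
# them (as root on a PVE node).

# run CMD...: print the command, execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# acl PATH ROLE PROPAGATE(0|1): grant ROLE to $SDN_USER on PATH.
acl() {
    run pveum acl modify "$1" --users "$SDN_USER" --roles "$2" --propagate "$3"
}

# grant_vnet_creator USER@REALM ZONE [VNET]
grant_vnet_creator() {
    SDN_USER="$1"; zone="$2"; vnet="${3:-}"
    # This script's own guard: letters and digits only, so the arguments
    # cannot change which ACL path is written.
    case "$zone" in ''|*[!A-Za-z0-9]*) echo "invalid zone id" >&2; return 1 ;; esac
    case "$vnet" in *[!A-Za-z0-9]*) echo "invalid vnet id" >&2; return 1 ;; esac

    # One role per privilege keeps every grant as narrow as the post's list.
    # "role add" fails if the role already exists; that is harmless on re-runs.
    run pveum role add SDNMenuSys --privs Sys.Audit
    run pveum role add SDNAuditOnly --privs SDN.Audit
    run pveum role add SDNAllocOnly --privs SDN.Allocate
    run pveum role add SDNUseOnly --privs SDN.Use

    # SDN menu under Datacenter
    acl / SDNMenuSys 0
    acl /sdn SDNAuditOnly 0
    # IPAMs visible
    acl /sdn/ipams SDNAuditOnly 1
    # Create VNets in the zone
    acl "/sdn/zones/$zone" SDNAllocOnly 1
    acl /sdn SDNAllocOnly 0
    # Optional: attach VMs to one specific VNet
    if [ -n "$vnet" ]; then acl "/sdn/zones/$zone/$vnet" SDNUseOnly 1; fi
}

# Example: sh sdn-acl.sh ExampleUser@pve ExampleZone ExampleVNet
if [ "$#" -ge 2 ]; then grant_vnet_creator "$@"; fi
```

Review the printed commands before setting `APPLY=1`, and confirm the result afterwards with `pveum user permissions ExampleUser@pve`.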
 