Special access for specific user on a Proxmox cluster

[Janus006]

Hi,
I'm working with proxmox for almost one year. I now have a cluster composed of 3 nodes. One of my node, the oldest, is used mor for Lab VM and LXC. I would like to give access to one of my friend to my Proxmox cluster, giving him the opportunitiy to create and work with some VMs, but not to all my infra.
Is it possible to create a user and gime him access to only:
- create VM on my "Lab" host
- Access to le local storage of this host
- Access to the Lab dedicated bridge interface
and not to delete or modify any other config

This was almost easy in VMWare, but I do not seems to find a good documentation, Guide, Walktrough to do this in Proxmox.

Thank for your help

 

[michaelcontreras]

Absolutely, it is possible to create a user in Proxmox and restrict their access to only specific functions and resources like you described. Here’s a quick outline of how you can achieve this:
Create a User - Start by creating a new user in Proxmox. You can do this by navigating to the “Datacenter” view, going to “Permissions” > “Users” > “Add.”
Configure a Role - You’ll need to create or use an existing role that has the exact permissions you want for this user. Since you'd like them to only create VMs and access specific resources on your "Lab" host, you can customize a role to include minimal permissions like "VM.Create" and the necessary access to local storage and the bridge interface.
Set Permissions - Assign the user permissions specifically for the "Lab" host and its local storage, while ensuring their access is restricted only to the necessary objects. Make sure to explicitly define the path (e.g., /vms/[Lab-Host]) where they will have these permissions, instead of applying them globally.
Test Access - After setting this up, log in with the new user’s credentials or ask your friend to test. This will ensure they can perform the needed tasks (such as creating VMs) and that they don’t have access to modify other parts of your infrastructure.
It's true that this process isn’t as straightforward as in VMware, but by carefully defining roles and permissions, Proxmox allows for detailed control. If you’re looking for official documentation, the Proxmox wiki and forums can offer some additional insights, though it can take some digging. Hopefully, these steps help you get things set up seamlessly!