Strange permission check error when trying to clone a Template

Mar 22, 2021
19
0
21
35
Hello,
we just added another node to our proxmox cluster. I created some templates, gave the same group permissions to the template as on the other nodes: PVETemplateUserbut

Now users are complaining they cannot clone that template on that new node.

The error message is:

Permission check failed (/sdn/zones/localnetwork/vmbr0, SDN.Use) (403)

It looks like some insufficiant permissions on the network card but I don't have a clue ?
 
the error tells you which privilege you are missing (SDN.Use on the vmbr0 bridge). this privilege is required for adding new nics (or creating new guests using nics) on a certain bridge/vnet. it's not required for using the guest afterwards.
 
Hello Fabian and thans for your answer.

Should I create a new Role or ? And I don't see such privilege in the list: SDN.use ?

Plus I am wondering why the other templates on the other nodes are working just fine without this privelege ?
 
the "PVESDNUser" role allows access, but you can also add the privilege to a custom role. if you don't see it, please double check that all your nodes are running 8.x and that your browser hasn't cached any outdated files.
 
I don't have such role, only PVESDNAdmin with SDN.Allocate and SDN.Audit privileges.

And 3 of the nodes are at 7.x only the newst one is at 8.x, is that a problem ?
 
yes, please upgrade all of them
 
did you use the right path for the ACL? please provide more details (pveversion -v, errors/task logs, user.cfg entries that are relevant)
 
Hello, I found the right thing to do.
On the left side there's a new resource called localnetwork and add the group permission there. - PVESDNUser

Now it is working fine.
Thanks.
 
Hi, I'm having the same problem as you. Could you please explain how you solved it in more detail? I can't find the option you mentioned in your message. Thanks.