Hello dear Proxmox team,
We have noticed that the rights necessary to access "Datacenter >> Backup" are very high.
One needs :
While "Sys.Audit" can be "ok", I think that granting "Sys.Modify" on / in order for one to be able to do backups of it's VMs seems too high of a privilege.
The "Sys.Modify" grants user abilities to "create/modify/remove node network parameters"
We are using SDN with complex setup and we clearly do not want user(s) scheduling backup to mess-up with complex network settings.
I think that access to the "Datacenter >> Backup" panel and manipulation of this setup shall have it's own set of authorization.
Another suggestion that we have would be to allow "tag based" backups.
That would allow more dynamic backups to be scheduled, while solving the previous issue (we setup the job once and just add VM using tag).
Sincerely.
We have noticed that the rights necessary to access "Datacenter >> Backup" are very high.
One needs :
- Sys.Modify on /
- Sys.Audit on /
While "Sys.Audit" can be "ok", I think that granting "Sys.Modify" on / in order for one to be able to do backups of it's VMs seems too high of a privilege.
The "Sys.Modify" grants user abilities to "create/modify/remove node network parameters"
We are using SDN with complex setup and we clearly do not want user(s) scheduling backup to mess-up with complex network settings.
I think that access to the "Datacenter >> Backup" panel and manipulation of this setup shall have it's own set of authorization.
Another suggestion that we have would be to allow "tag based" backups.
- A VM containing a certain tag would be automatically included in a backup policy
That would allow more dynamic backups to be scheduled, while solving the previous issue (we setup the job once and just add VM using tag).
Sincerely.
Last edited:
