User groups?

C

christophe

Renowned Member
Mar 31, 2011
209
10
83
Hi everyone,

Can anyone please remind me why there is no concept of user groups in PBS, while user groups exist in PVE (and are so useful)?

Regards,
Christophe.
 
As far as I could find, I was not able to find any explanation for why there is no user group feature.

There have been similar threads in the past, and users were advised to submit a feature request in Bugzilla if necessary.

Chris

Post in thread 'PBS restore with LDAP groups and best practice for restoration and backup separation'

Hi,
Adrigrou said:
?- Is it possible to manage permissions on repositories and/or namespaces directly via LDAP groups, rather than with users ? there is as many backups to do as there are projects per server, and the same project may exist on different servers with different data.
Click to expand...
AFAIK this is currently not possible, you might add a feature request to bugzilla.proxmox.com. You can however manage users in LDAP and sync them to PBS, where you might apply ACLs and Roles accordingly.

Adrigrou said:
?- Is it possible to export outside of my download path in Proxmox Backup Server? Perhaps a "save as"...
Click to expand...

My personal view is that it would certainly be convenient to have, but I do not think it is a high-priority feature. (Of course, I would be happy if it were added.)

In PVE, there is a much wider range and granularity of permissions, whereas in PBS, in many cases, I think the practical permission level is mostly limited to system administrators.

Also, the number of people who actually need access to PBS is usually smaller than for PVE, so I feel it is still manageable even without a group feature.
 
  • Like
Reactions: Johannes S and christophe
d.oishi said:
In PVE, there is a much wider range and granularity of permissions, whereas in PBS, in many cases, I think the practical permission level is mostly limited to system administrators.
Click to expand...

Adding to this you can use API tokens to limit the access even further e.g. by creating a dedicated API token for every PVE node or remote PBS who need access.
 
  • Like
Reactions: christophe
Well, in https://pbs.proxmox.com/docs/user-management.html, one can read :
"Access Control

By default, new users and API tokens do not have any permissions. Instead you need to specify what is allowed and what is not.

Proxmox Backup Server uses a role- and path-based permission management system. An entry in the permissions table allows a user, group or token to take on a specific role when accessing an 'object' or 'path'. This means that such an access rule can be represented as a triple of '(path, user, role)', '(path, group, role)' or '(path, token, role)', with the role containing a set of allowed actions, and the path representing the target of these actions."

A buggy copy/paste from another doc?

Something better?

Regards,

Christophe.
 
You must log in or register to reply here.
Top Bottom
Back