Hello,
I'm not sure if this has already been asked here, but I couldn't find anything about it.
We are trying to give a user of our Proxmox cluster the rights to edit the backup plans, which according to the documentation requires Sys.Modify. In the meantime we have also managed to restrict the view of the other menu items with some NoAccess entries so that it is no longer possible for the user to see other users who are not in his pool in the “User” menu.
Now to my questions:
- Is it possible to restrict Sys.Audit so much that this user can no longer see the menu items “Cluster , Ceph and Roles”?
- If the restriction of access to the menu items is not possible. How can I prevent this user from extending his rights? Because the rights “Sys.Audit and Sys.Modify” are required to edit the backup plans, but are also required to change the rights of the roles.
- If the user has access to the backup plans, he can also edit plans from other pools and storages although he does not have access to them. Can this be prevented?
I'm not sure if this has already been asked here, but I couldn't find anything about it.
We are trying to give a user of our Proxmox cluster the rights to edit the backup plans, which according to the documentation requires Sys.Modify. In the meantime we have also managed to restrict the view of the other menu items with some NoAccess entries so that it is no longer possible for the user to see other users who are not in his pool in the “User” menu.
Now to my questions:
- Is it possible to restrict Sys.Audit so much that this user can no longer see the menu items “Cluster , Ceph and Roles”?
- If the restriction of access to the menu items is not possible. How can I prevent this user from extending his rights? Because the rights “Sys.Audit and Sys.Modify” are required to edit the backup plans, but are also required to change the rights of the roles.
- If the user has access to the backup plans, he can also edit plans from other pools and storages although he does not have access to them. Can this be prevented?