User permission and roles...

diaolin

Active Member
Jul 7, 2008
220
0
36
Trentino Italy
When i add Permissions the system says:

Add group permission (for example)

it asks for "Path"

???

i don-t understand what that means

Tx, Diaolin
 

coffe

Member
Apr 16, 2009
153
0
16
if you check the "tree" on the left side.. its the path .. so you can grant acess to just some parts.
 

tom

Proxmox Staff Member
Staff member
Aug 29, 2006
14,290
537
133
if you want to grant access to all, just enter '/' as path.
 

tdo

Member
Oct 8, 2011
33
0
6
Is it possible to change or add a role? I need a user, that has the same permissions/role like "PVEVMUser" + VM.Config.CDROM permission. How do I do that?
 

bazzi

Active Member
Jun 4, 2010
107
0
36
And if I want to add a permission for a user so he can manage one VM?
 

bazzi

Active Member
Jun 4, 2010
107
0
36
Little tip so you don't have to know the path:
click on the left on the item that you want to "add" to a user/group.
Add the permissons in the permission tab. Then you don't need the path and the path will be generated.
 

diaolin

Active Member
Jul 7, 2008
220
0
36
Trentino Italy
Just for fun:

i created a user
and in the left pane clicked on a VM
added Administrator permission to that user for the VM
Logged on as user and removed the permission...

I think that this is correct but seeing this from a Unix perspective the
Administrator access to a particular server should be assigned from a superior
User and despite i assume that removing my privileges from my own VM should not be possible.
What do you think about this?

Many thanks, Diaolin
 

dietmar

Proxmox Staff Member
Staff member
Apr 28, 2005
16,666
359
103
Austria
www.proxmox.com
I think that this is correct but seeing this from a Unix perspective the
Administrator access to a particular server should be assigned from a superior
User
You can only assign Administrator access if you have Permission.Modify privilege (else it is a bug)


and despite i assume that removing my privileges from my own VM should not be possible.
What do you think about this?
Not sure about that. I guess a user simply should not do that ;-)
 

diaolin

Active Member
Jul 7, 2008
220
0
36
Trentino Italy
Too simple!
It-s like removing a file in a directory, if i don-t have write permission in the dir but
complete write permission on the file i cannot remove it.
But, as you say, a user should not do that!
:)
Diaolin
 

dietmar

Proxmox Staff Member
Staff member
Apr 28, 2005
16,666
359
103
Austria
www.proxmox.com
But, as you say, a user should not do that!
But your suggestion is interesting. I wonder if we can implement that by simply checking Permission.Modify on the parent object instead of the object itself - I need to think more about that.
 

diaolin

Active Member
Jul 7, 2008
220
0
36
Trentino Italy
My opinion is only that if i am in a tree i have the property from the point assigned to me
but i cannot destroy that point because this is a property of the container and not of the
point itself.

But this is only my opinion.
Diaolin
 

dietmar

Proxmox Staff Member
Staff member
Apr 28, 2005
16,666
359
103
Austria
www.proxmox.com
Is it possible to change or add a role? I need a user, that has the same permissions/role like "PVEVMUser" + VM.Config.CDROM permission. How do I do that?
You can do that on the command line, for example:

# pveum roleadd PVEDatastorePowerUser -privs "Datastore.AllocateSpace Datastore.Audit Datastore.AllocateTemplate"

See 'man pveum' for details.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!