User permission and roles...

diaolin

Renowned Member
Jul 7, 2008
332
8
83
Trentino Italy
When i add Permissions the system says:

Add group permission (for example)

it asks for "Path"

???

i don-t understand what that means

Tx, Diaolin
 
if you check the "tree" on the left side.. its the path .. so you can grant acess to just some parts.
 
if you want to grant access to all, just enter '/' as path.
 
Is it possible to change or add a role? I need a user, that has the same permissions/role like "PVEVMUser" + VM.Config.CDROM permission. How do I do that?
 
Little tip so you don't have to know the path:
click on the left on the item that you want to "add" to a user/group.
Add the permissons in the permission tab. Then you don't need the path and the path will be generated.
 
Just for fun:

i created a user
and in the left pane clicked on a VM
added Administrator permission to that user for the VM
Logged on as user and removed the permission...

I think that this is correct but seeing this from a Unix perspective the
Administrator access to a particular server should be assigned from a superior
User and despite i assume that removing my privileges from my own VM should not be possible.
What do you think about this?

Many thanks, Diaolin
 
I think that this is correct but seeing this from a Unix perspective the
Administrator access to a particular server should be assigned from a superior
User

You can only assign Administrator access if you have Permission.Modify privilege (else it is a bug)


and despite i assume that removing my privileges from my own VM should not be possible.
What do you think about this?

Not sure about that. I guess a user simply should not do that ;-)
 
Too simple!
It-s like removing a file in a directory, if i don-t have write permission in the dir but
complete write permission on the file i cannot remove it.
But, as you say, a user should not do that!
:-)
Diaolin
 
But, as you say, a user should not do that!

But your suggestion is interesting. I wonder if we can implement that by simply checking Permission.Modify on the parent object instead of the object itself - I need to think more about that.
 
My opinion is only that if i am in a tree i have the property from the point assigned to me
but i cannot destroy that point because this is a property of the container and not of the
point itself.

But this is only my opinion.
Diaolin
 
Is it possible to change or add a role? I need a user, that has the same permissions/role like "PVEVMUser" + VM.Config.CDROM permission. How do I do that?

You can do that on the command line, for example:

# pveum roleadd PVEDatastorePowerUser -privs "Datastore.AllocateSpace Datastore.Audit Datastore.AllocateTemplate"

See 'man pveum' for details.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!