User Permissions

[jeanmarie]

I think I understand the concept of the path,user/group,role tripel, but still i'm not able to accomplish some sort self-provisioning environment.
This should be an environment of 4 nodes in a cluster (allready established) where (in our case) the students can login in (allowed via AD), create and manage (access to the console) their own VMs (ideally only one VM per student). But they should not be able to mess around with other VMs or the proxmox environment. It should not be necessary for administrator to grant permissions for a student to their specific VM.

thanks

 

[dcsapak]

i think it does not work like you want at the moment,

you can access rights to a specific path (eg. /vms/1234 ) but you cannot define an amount of resources a user can allocate, so when you grant the user write access to a storage, they can delete all images on that storage

we want to improve the permission and resource allocation system, but this needs time

in the meantime you can always build your own frontend/apiclient with the appropriate checks/limits
(just make sure the students do not have direct access to the pve api with their credentials)