User permissions

jurekk

Member
Mar 31, 2012
17
0
21
Hi,
I'm trying to give a permission to a user to manage his VM. I've used a Built-In Role PVEVMUser. Unfortunately The user is able to see nodes as well (see screenshot). I assumed that the user will be able to see the VM only, I don't think he should be able to see any physical resources of datacenter. Is this expected behaviour? Is there a way lets say to deny server view and force the user to pool view? Thank you in advance.
 

Attachments

  • user_permission.JPG
    user_permission.JPG
    40.1 KB · Views: 12
the api design makes it necessary that even a vm user needs to see at least the node where a vm of his might be on, otherwise it would not be possible to do any action on the vm
the path for starting a vm is for example: /nodes/NODENAME/qemu/VMID/start
so at least the name of the node has to be known
 
Thank you for the explanation. That makes sense. Regarding the attributes he is able to see not only the name of the node but subscription level as well (unfortunately its not visible on the screenshot). I don't think this is a good solution. Any advice how to prevent the user to see subscription levels on nodes? It would be ideal to deny the access to server view and allow pool view only (dropdown in the upper left corner). It that view the user sees only his vm's.
 
t would be ideal to deny the access to server view and allow pool view only (dropdown in the upper left corner). It that view the user sees only his vm's.
the user can still do api requests then so this is only a visual barrier...
 
I can filter out the API requests as I have the cluster behind a reverse proxy to harden the ssl. Therefore the restricted gui would be great.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!