Vnet firewall edit permission

I have a user on my cluster that I want to give permission to edit their own vnet firewall rules. I created a separate SDN zone for them as I don’t see a way to give permissions on just a single vnet. I can give them permission to use that SDN zone, but I can’t find a way to give them access to the firewall rules…

Any suggestions would be greatly appreciated :)
 
Hi, could you please be a little more specific on your firewall setup? Which firewall software are you using? Is the firewall installed on every node?
 
I created a separate SDN zone for them as I don’t see a way to give permissions on just a single vnet.
The single VNETs don't show up in the ACL tree when you create a new permission under Datacenter->Permissions, but if you go to the SDN zone in the tree view, you can select the individual VNET and then right next to it, give out permissions on that VNET.

I think this is what you want right?
 
The single VNETs don't show up in the ACL tree when you create a new permission under Datacenter->Permissions, but if you go to the SDN zone in the tree view, you can select the individual VNET and then right next to it, give out permissions on that VNET.

I think this is what you want right?

Ah, I think that’s exactly what I want! I’ll go back to my lab to test ;)

Thanks!
 
The single VNETs don't show up in the ACL tree when you create a new permission under Datacenter->Permissions, but if you go to the SDN zone in the tree view, you can select the individual VNET and then right next to it, give out permissions on that VNET.

I think this is what you want right?

Sadly that didn't work. When I'm logged in as root I can see:

[Screenshot: 1735856262724.png]

However I can't find a way to give someone access to Datacenter -> SDN -> VNet Firewall without making them administrator for the entire cluster. I just want to allow them to edit the firewall rules for one of the VNets.
 
I did try it myself, and it looks like that is currently not possible, as even if I allow SDN.Allocate to a user, they are not allowed to edit the vnet firewall. Could you please open a feature request in our bugtracker, outlining the use case for giving users edit access to a vnet firewall?
 