[SOLVED] what would be a useful role for a pure api get

[immo]

Which role should I assign or create for a user who is only allowed to use the get functions from the rest interface ?

https://$APINODE:8006/api2/json/cluster/resources?type=node
https://$APINODE:8006/api2/json/cluster/resources?type=vm

would be enough. But he must see ALL VMs and ALL Nodes

 

[pabernethy]

The PVEAuditor role is intended for that purpose. If you want to limit access to VMs and nodes (excluding storage, pools and access control) you can give the user access to only /vms and /nodes. For example:

# pveum aclmod /vms --roles PVEAuditor --users audit@pve
# pveum aclmod /nodes --roles PVEAuditor --users audit@pve

 

[immo]

thx a lot