From 9de7c71a811ae67a7a16f81cb33d8f1d41cdc3e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= Date: Mon, 2 Nov 2020 11:48:11 +0100 Subject: [PATCH] docs: extend managing remotes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit with information about required privileges and limitations Signed-off-by: Fabian Grünbichler --- docs/managing-remotes.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/managing-remotes.rst b/docs/managing-remotes.rst index e8495db1..382ca84d 100644 --- a/docs/managing-remotes.rst +++ b/docs/managing-remotes.rst @@ -79,4 +79,17 @@ either start it manually on the GUI or provide it with a schedule (see └────────────┴───────┴────────┴──────────────┴───────────┴─────────┘ # proxmox-backup-manager sync-job remove pbs2-local +For setting up sync jobs, the configuring user needs the following permissions: +#. ``Remote.Read`` on the ``/remote/{remote}/{remote-store}`` path +#. at least ``Datastore.Backup`` on the local target datastore (``/datastore/{store}``) + +If the ``remove-vanished`` option is set, ``Datastore.Prune`` is required on +the local datastore as well. If the ``owner`` option is not set (defaulting to +``backup@pam``) or set to something other than the configuring user, +``Datastore.Modify`` is required as well. + +.. note:: A sync job can only sync backup groups that the configured remote's + user/API token can read. If a remote is configured with a user/API token that + only has ``Datastore.Backup`` privileges, only the limited set of accessible + snapshots owned by that user/API token can be synced.