proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-10-31 09:23:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

reorder the roles section

Browse Source 
As they provide an overview of predefined roles and give an
idea of what kind of permissions are available, they fit
better right after the new general permission introduction.
This commit is contained in:
Wolfgang Bumiller 2016-10-05 11:48:53 +02:00 committed by Dietmar Maurer
parent 04f44730da
commit 853d288bd5
1 changed files with 31 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
pveum.adoc
View File

@ -198,6 +198,37 @@ role)', with the role containing a set of allowed actions, and the path
representing the target of these actions.
Roles
~~~~~
A role is simply a list of privileges. Proxmox VE comes with a number
of predefined roles which satisfies most needs.
* `Administrator`: has all privileges
* `NoAccess`: has no privileges (used to forbid access)
* `PVEAdmin`: can do most things, but miss rights to modify system settings (`Sys.PowerMgmt`, `Sys.Modify`, `Realm.Allocate`).
* `PVEAuditor`: read only access
* `PVEDatastoreAdmin`: create and allocate backup space and templates
* `PVEDatastoreUser`: allocate backup space and view storage
* `PVEPoolAdmin`: allocate pools
* `PVESysAdmin`: User ACLs, audit, system console and system logs
* `PVETemplateUser`: view and clone templates
* `PVEUserAdmin`: user administration
* `PVEVMAdmin`: fully administer VMs
* `PVEVMUser`: view, backup, config CDROM, VM console, VM power management
You can see the whole set of predefined roles on the GUI.
Adding new roles can currently only be done from the command line, like
this:
[source,bash]
----
pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"
pveum roleadd Sys_Power-only -privs "Sys.PowerMgmt Sys.Console"
----
Objects and Paths
~~~~~~~~~~~~~~~~~
@ -258,36 +289,6 @@ Storage related privileges::
* `Datastore.Audit`: view/browse a datastore
Roles
~~~~~
A role is simply a list of privileges. Proxmox VE comes with a number
of predefined roles which satisfies most needs.
* `Administrator`: has all privileges
* `NoAccess`: has no privileges (used to forbid access)
* `PVEAdmin`: can do most things, but miss rights to modify system settings (`Sys.PowerMgmt`, `Sys.Modify`, `Realm.Allocate`).
* `PVEAuditor`: read only access
* `PVEDatastoreAdmin`: create and allocate backup space and templates
* `PVEDatastoreUser`: allocate backup space and view storage
* `PVEPoolAdmin`: allocate pools
* `PVESysAdmin`: User ACLs, audit, system console and system logs
* `PVETemplateUser`: view and clone templates
* `PVEUserAdmin`: user administration
* `PVEVMAdmin`: fully administer VMs
* `PVEVMUser`: view, backup, config CDROM, VM console, VM power management
You can see the whole set of predefined roles on the GUI.
Adding new roles using the CLI:
[source,bash]
----
pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"
pveum roleadd Sys_Power-only -privs "Sys.PowerMgmt Sys.Console"
----
Permissions
~~~~~~~~~~~