[pbs-devel] [PATCH proxmox-backup 00/16] API tokens
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Oct 30 09:03:48 CET 2020
On October 29, 2020 8:50 pm, Thomas Lamprecht wrote:
> On 28.10.20 12:36, Fabian Grünbichler wrote:
>> changes since RFC:
>> - reworked Userid with wrapping Authid
>> - rename RpcEnvironment user -> auth_id
>> - lots of churn
>> - lots of corner cases
>> - lots of rebasing
>> - ACL editing for unprivileged users
>> - more GUI stuff added
>>
>> proxmox and proxmox-widget-toolkit patches needed for patches #3++ and
>> GUI respectively
>>
>
> played a bit around, works nice in general, but please add some documentation,
> else one can have a bit of a hard time figuring the usage out.
yes, docs and some more improvements are on my todo list.
> Also, I just may not remember if we discussed this, but why is there no
> "inherit the user permission" mode like PVE has?
because with the ACL changes (allowing a user to define arbitrary ACLs
for their tokens) it's not really needed. I can just give Admin on '/'
with propagation for the same effect. and also because I think it's
better to make users think about which permissions to give a certain
token (e.g., most tokens will probably just have Datastore.Backup on one
datastore, which is something I'd like to put somewhere on the Datastore
GUI as a two-step 'Create client token' thing) then nudging them into
'just tick this and everything works (but is not much better than just
storing your username + password everywhere)'.
More information about the pbs-devel
mailing list