[pbs-devel] [PATCH proxmox-backup 00/16] API tokens
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Oct 30 10:55:36 CET 2020
On October 30, 2020 9:48 am, Thomas Lamprecht wrote:
> On 30.10.20 09:03, Fabian Grünbichler wrote:
>> On October 29, 2020 8:50 pm, Thomas Lamprecht wrote:
>>> Also, I just may not remember if we discussed this, but why is there no
>>> "inherit the user permission" mode like PVE has?
>>
>> because with the ACL changes (allowing a user to define arbitrary ACLs
>> for their tokens) it's not really needed. I can just give Admin on '/'
>> with propagation for the same effect.
>
> hmm, true, but then I'd hint to the user that a newly created token has
> no permissions.
might be a good addition to the 'Copy secret value' dialogue?
>
>> and also because I think it's
>> better to make users think about which permissions to give a certain
>> token (e.g., most tokens will probably just have Datastore.Backup on one
>> datastore, which is something I'd like to put somewhere on the Datastore
>> GUI as a two-step 'Create client token' thing) then nudging them into
>> 'just tick this and everything works (but is not much better than just
>> storing your username + password everywhere)'.
>>
>
> btw. can we enter a token in Proxmox VE storage add already?
yes, it should be usable everywhere by using tokenid + secret instead
of userid + password (including remotes, PVE, proxmox-backup-client
command-line), except for proxmox-backup-qemu for which I just sent a
patch (Userid -> Authid).
More information about the pbs-devel
mailing list