[pve-devel] r5554 - in pve-access-control/trunk: . PVE

svn-commits at proxmox.com svn-commits at proxmox.com
Wed Feb 16 11:51:11 CET 2011


Author: dietmar
Date: 2011-02-16 11:51:11 +0100 (Wed, 16 Feb 2011)
New Revision: 5554

Modified:
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/PVE/AccessControl.pm
   pve-access-control/trunk/README
Log:
 Changes set of privileges. We try to be as
	simple as possible. We can refinen them in future.



Modified: pve-access-control/trunk/ChangeLog
===================================================================
--- pve-access-control/trunk/ChangeLog	2011-02-16 10:41:52 UTC (rev 5553)
+++ pve-access-control/trunk/ChangeLog	2011-02-16 10:51:11 UTC (rev 5554)
@@ -1,5 +1,8 @@
 2011-02-16  Proxmox Support Team  <support at proxmox.com>
 
+	* README (privileges): Changes set of privileges. We try to be as
+	simple as possible. We can refinen them in future.
+
 	* PVE/ACLCache.pm: deleted - moved code into RPCEnvironment.
 
 2011-02-15  Proxmox Support Team  <support at proxmox.com>

Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-02-16 10:41:52 UTC (rev 5553)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-02-16 10:51:11 UTC (rev 5554)
@@ -435,34 +435,23 @@
 }
 
 my $valid_privs = {
-    'VM.Create' => 1,
-    'VM.Remove' => 1,
-    'VM.MemoryModify' => 1,
-    'VM.AddNewDisk' => 1,
-    'VM.AddExistingDisk' => 1,
-    'VM.DiskModify' => 1,
-    'VM.UseRawDevice' => 1,
-    'VM.PowerOn' => 1, 
-    'VM.PowerOff' => 1, 
-    'VM.ConfigureCD' => 1,
+    'VM.Audit' => 1,
+    'VM.Modify' => 1,
+    'VM.Allocate' => 1,
+    'VM.PowerMgmt' => 1, 
     'VM.Migrate' => 1,
     'VM.Console' => 1,
-    'VM.CpuModify' => 1,
-    'VM.CpuCyclesModify' => 1,
-    'VM.NetworkAdd' => 1,
-    'VM.NetworkConfigure' => 1,
-    'VM.NetworkRemove' => 1,
-
+ 
+    'Datastore.Audit' => 1,
+    'Datastore.Allocate' => 1,
     'Datastore.AllocateSpace' => 1,
-    'Datastore.Browse' => 1,
 
     'Permissions.Modify' => 1,
 
-    'Network.AssignNetwork' => 1,
-
-    'Sys.PowerOff' => 1,
+    'Sys.PowerMgmt' => 1,
     'Sys.Console' => 1,
     'Sys.Syslog' => 1,
+    'Sys.Audit' => 1,
 };
 
 my $special_roles = {

Modified: pve-access-control/trunk/README
===================================================================
--- pve-access-control/trunk/README	2011-02-16 10:41:52 UTC (rev 5553)
+++ pve-access-control/trunk/README	2011-02-16 10:51:11 UTC (rev 5554)
@@ -63,9 +63,31 @@
 
 privileges: 
 
-	defines rights required to execute actions or read information. We need to
-	refine those - the following is just an example:
+	defines rights required to execute actions or read
+	information.
 
+	VM.Allocate: create/remove new VM to server inventory
+	VM.Migrate: migrate VM to alternate server on cluster
+   	VM.PowerMgmt: power management (start, stop, reset, shutdown, ...)
+	VM.Console: console access to VM
+	VM.Audit: view VM config
+	VM.Modify: modify VM config
+
+	Datastore.Allocate: create/remove/modify a data store.
+	Datastore.AllocateSpace: allocate space on a datastore
+	Datastore.Audit: view/browse a datastore
+
+	Permissions.Modify: modify access permissions
+
+	Sys.PowerMgmt: Node power management (start, stop, reset, shutdown, ...)
+	Sys.Console: console access to Node
+	Sys.Syslog: view Syslog
+	Sys.Audit: view node status/config
+
+
+	We may need to refine those in future - the following privs
+	are just examples:
+
 	VM.Create: create new VM to server inventory
 	VM.Remove: remove VM from inventory
 	VM.MemoryModify: modify memory associated with VM
@@ -76,25 +98,14 @@
 	VM.PowerOn: power on VM
 	VM.PowerOff: power off VM
 	VM.ConfigureCD: assign a device/image file to VM
-	VM.Migrate: migrate VM to alternate server on cluster
-	VM.Console: console access to VM
 	VM.CpuModify: modify number of CPUs associated with VM
 	VM.CpuCyclesModify: modify CPU cycles for VM
 	VM.NetworkAdd: add network device to VM
 	VM.NetworkConfigure: configure network device associated with VM
 	VM.NetworkRemove: remove network device from VM
 
-	Datastore.AllocateSpace: allocate space on a datastore
-	Datastore.Browse: browse a datastore
-
-	Permissions.Modify: modify system permissions
-
 	Network.AssignNetwork: assign system networks
 
-	Sys.PowerOff: power off Node
-	Sys.Console: console access to Node
-	Sys.Syslog: view Syslog
-
 role:
 
 	defines a sets of priviledges



More information about the pve-devel mailing list