[pve-devel] User rights

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Thu Jan 9 08:03:08 CET 2014


Hi,

i've changed the tasks permission to VM.Audit instead of Sys.Audit ;-)
More a hack but i like it that way. To me it's OK if somebody has
VM.Audit on / to see all tasks.

Stefan
Am 08.01.2014 18:35, schrieb Dietmar Maurer:
> One idea that comes in mind is to use something like:
> 
> pveum aclmod /access/groups/vmadmins -group vmadmins -role PVEAudit
> 
> ...
> 
>> -----Original Message-----
>> From: Dietmar Maurer
>> Sent: Mittwoch, 08. Jänner 2014 17:37
>> To: 'Stefan Priebe - Profihost AG'; pve-devel at pve.proxmox.com
>> Subject: RE: [pve-devel] User rights
>>
>>> I've group @vmadmins these have the Role PVEVMAdmin everthing is fine
>>> except that they only see their own tasks. But i would like to see
>>> them all tasks so they know of each other and who is doing what kind of
>> things.
>>>
>>> I then thought i will give them PVEAuditor too but then they're able
>>> to see all groups, users, storage and set options.
>>>
>>> What is the right way to archieve this?
>>
>> Our permission system works on resources (VMs, storages). But in general, our
>> tasks only include information about users, so what you try to do is not possible.
>>
>> Some task includes the resource they work on, for example most VM related
>> tasks includes the VM ID. That way it is possible to view the VM 'Task History' -
>> all your @vmadmins should be able to see that?
> 
> 



More information about the pve-devel mailing list