[pve-devel] [PATCH access-control 1/1] fix #3402: add Pool.Audit permission

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Apr 30 13:27:42 CEST 2021


On April 29, 2021 11:48 am, Lorenz Stechauner wrote:
> Signed-off-by: Lorenz Stechauner <l.stechauner at proxmox.com>
> ---
>  PVE/AccessControl.pm | 8 ++++++--
>  README               | 1 +
>  2 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
> index f7d4e78..888875e 100644
> --- a/PVE/AccessControl.pm
> +++ b/PVE/AccessControl.pm
> @@ -819,8 +819,12 @@ my $privgroups = {
>  	admin => [
>  	    'Pool.Allocate', # create/delete pools
>  	],
> -	user => [],
> -	audit => [],
> +	user => [
> +	    'Pool.Audit',
> +	],

this hunk actually causes a new built-in "PVEUser" role to be defined..

I am not sure whether it's worth it (probably PVEAuditor already serves 
that niche for almost all use-cases). but if we include it, then this 
requires a pve-docs patch as well ;) users might also already have a 
custom role named like that, so potentially defer to 7.0 as breaking 
change?

> +	audit => [
> +	    'Pool.Audit',
> +	],
>      },
>  };
>  
> diff --git a/README b/README
> index 33643a6..698b7a8 100644
> --- a/README
> +++ b/README
> @@ -96,6 +96,7 @@ privileges:
>  	  VM.Config.Options: modify any other VM configuration 
>  
>  	Pool.Allocate: create/remove/modify a pool.
> +	Pool.Audit: view/browse pool
>  
>  	Datastore.Allocate: create/remove/modify a data store.
>  	Datastore.AllocateSpace: allocate space on a datastore
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 




More information about the pve-devel mailing list