[pve-devel] [PATCH pve-docs 2/3] pveum: add intro to 'limited API Token' section
Dylan Whyte
d.whyte at proxmox.com
Fri Oct 1 17:30:50 CEST 2021
Add a short introduction to the section "Limited API Token for
Monitoring", to provide some context
Signed-off-by: Dylan Whyte <d.whyte at proxmox.com>
---
pveum.adoc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pveum.adoc b/pveum.adoc
index a0fabfb..97e0005 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -793,7 +793,13 @@ members of the group `customers` and within the realm `pve`.
Limited API Token for Monitoring
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Given a user `joe at pve`, with the PVEVMAdmin role on all VMs:
+Permissions on API tokens are always a subset of those of their corresponding
+user, meaning that an API token can't be used to carry out a task that the
+backing user has no permission to do. This section will demonstrate how you can
+use an API token with separate privileges, to limit the token owner's
+permissions further.
+
+Give the user `joe at pve` the role PVEVMAdmin on all VMs:
[source,bash]
pveum acl modify /vms -user joe at pve -role PVEVMAdmin
--
2.30.2
More information about the pve-devel
mailing list