[pve-devel] [PATCH manager] ui: acl add: show warning if root at pam is selected

Lukas Wagner l.wagner at proxmox.com
Tue Oct 10 14:40:30 CEST 2023

On 10/10/23 14:10, Fiona Ebner wrote:
> Am 26.07.23 um 15:41 schrieb Lukas Wagner:
>> Currently, users are able to add ACL entries for the root at pam user.
>> Since this user always has full permissions, no entry in the ACL
>> tree will be saved, and consequently no new entry shows up in the UI
>> after pressing 'Add' in the dialog. This can be irritating if the
>> user does not know about this 'implementation detail'.
> Should we filter out the root at pam user from the selection dropdown
> altogether? Or maybe disable the Add button when root at pam is selected
> (and reword the warning appropriately)?
I think the second approach might be good idea, I'll try that.

>> This commit adds a little warning that pops up if root at pam is
>> selected:
>>    'root at pam always has full permissions. No entry will be added.'
>> The same problem also exists for API token permissions. Here it is
>> not really easy to add the warning though, since we do not know if
>> the token has separated privileges enable or not.
> It seems we do have that information available as a result of the
> /access/users?full=1 API call, or?

You are right, I missed that because I did not check the code for

I'll send a v2 with the suggested improvements.

- Lukas

More information about the pve-devel mailing list