[PVE-User] Virtual Manager management per user configuration
Dominik Csapak
d.csapak at proxmox.com
Thu Feb 20 08:04:13 CET 2020
On 2/20/20 7:35 AM, Kazim Koybasi wrote:
> Hello,
>
> We would like to give a virtual machine service to our users in our campus
> so that they can create their own virtual machine and see only their own
> virtual machine. I found that it is possible from command line or with root
> access from Proxmox interface. Is it possible to create an environment an
> give permission per user with Proxmox so that they can create and only see
> their own virtual machine?
>
Hi,
this is not comfortably doable, for the following reasons
for creating a vm, a user has to have:
* allocate rights on the storage for the vm disks
(which will give him also rights to see/edit/destroy all other disks on
that storage)
* allocate rights on /vms/{ID} which you can create beforehand,
but there is not 'pool', iow the user has to use the assigned ids
additionally, there is no mechanism for limiting resources per user
(e.g. only some amount of cores)
also, when deleting the vm, the acls to that vm will also get removed,
meaning if you given a user the right to /vms/100 and he deletes
the vm 100, he no longer has the rights to it
finally, there is generally no concept of resource 'ownership' for
users only privileges and acls
if you can workaround/ignore/accept those issues, you should be fine,
otherwise i would suggest either using or creating a seperate
interface which handles all of that with the API[0]
(handling ownership, limiting api calls, etc)
hope this helps
regards
Dominik
0: https://pve.proxmox.com/wiki/Proxmox_VE_API
More information about the pve-user
mailing list