[PVE-User] Virtual Manager management per user configuration

[Dominik Csapak]

On 2/20/20 7:35 AM, Kazim Koybasi wrote:
> Hello,
> 
> We would like to give a virtual machine service to our users in our campus
> so that they can create their own virtual machine and see only their own
> virtual machine. I found that it is possible from command line or with root
> access from Proxmox interface.  Is it possible to create an environment an
> give permission per user with Proxmox so that they can create and only see
> their own virtual machine?
> 

Hi,

this is not comfortably doable, for the following reasons

for creating a vm, a user has to have:
* allocate rights on the storage for the vm disks
(which will give him also rights to see/edit/destroy all other disks on 
that storage)
* allocate rights on /vms/{ID} which you can create beforehand,
but there is not 'pool', iow the user has to use the assigned ids

additionally, there is no mechanism for limiting resources per user
(e.g. only some amount of cores)

also, when deleting the vm, the acls to that vm will also get removed,
meaning if you given a user the right to /vms/100 and he deletes
the vm 100, he no longer has the rights to it

finally, there is generally no concept of resource 'ownership' for
users only privileges and acls

if you can workaround/ignore/accept those issues, you should be fine,
otherwise i would suggest either using or creating a seperate
interface which handles all of that with the API[0]
(handling ownership, limiting api calls, etc)

hope this helps
regards

Dominik

0: https://pve.proxmox.com/wiki/Proxmox_VE_API