Hi, i've changed the tasks permission to VM.Audit instead of Sys.Audit ;-) More a hack but i like it that way. To me it's OK if somebody has VM.Audit on / to see all tasks.
Stefan Am 08.01.2014 18:35, schrieb Dietmar Maurer: > One idea that comes in mind is to use something like: > > pveum aclmod /access/groups/vmadmins -group vmadmins -role PVEAudit > > ... > >> -----Original Message----- >> From: Dietmar Maurer >> Sent: Mittwoch, 08. Jänner 2014 17:37 >> To: 'Stefan Priebe - Profihost AG'; [email protected] >> Subject: RE: [pve-devel] User rights >> >>> I've group @vmadmins these have the Role PVEVMAdmin everthing is fine >>> except that they only see their own tasks. But i would like to see >>> them all tasks so they know of each other and who is doing what kind of >> things. >>> >>> I then thought i will give them PVEAuditor too but then they're able >>> to see all groups, users, storage and set options. >>> >>> What is the right way to archieve this? >> >> Our permission system works on resources (VMs, storages). But in general, our >> tasks only include information about users, so what you try to do is not >> possible. >> >> Some task includes the resource they work on, for example most VM related >> tasks includes the VM ID. That way it is possible to view the VM 'Task >> History' - >> all your @vmadmins should be able to see that? > > _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
