On September 3, 2020 12:36 pm, Tobias Guth wrote: > Hi, > > I have posted some issue on the pve forum regarding user permissions on > some pve hosts. > (https://forum.proxmox.com/threads/permission-set-for-specific-hosts.75138/) > > but no answer so far. > > I try to give some usergroup the permission to create/delete/modify > virtual machines on just 2 hosts of our cluster. > But I have no luck to configure the right permissions that this group > can not modify or delete virtual machines on the hosts. > There is no namespace like /vms/nodes or /vms/node1, just /vms.
permissions don't work on that level. you might be able to somewhat work around it (e.g., with a storage that is only available on a subset of nodes), but that is more of a hack than anything else. > Is there any way to configure this ? > > And one more question. Was exatly does the propagade option with > permissions ? > Does it mean to propagade given permissions through out the cluster ? propagate means set this role on subpaths as well, unless they have a more specific role set. e.g., if you give some role A to user X on path /vms with propagate set, and additionally give role B to user X on path /vms/123, user X is 'A' for all VMs except 123, where they are 'B'. on recent PVE versions, you can use 'pveum user permissions' to get a list of effective permissions, either for all paths with an ACL (also available as button in the User management GUI), or for a specific path. _______________________________________________ pve-user mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
