[pve-devel] Pool View

Andrew Thrift andrew at networklabs.co.nz
Mon Aug 11 07:03:19 CEST 2014


Hi Dietmar,

It can be literally any permission.  If a user has any permission on a
pool, that pool will appear to them in the "Pool View".

Typically we will assign a user to a group for the pool, so if we have a
pool called CUSTOMER1 we will create a group called "CUSTOMER1_Admins" this
group then has the "PVEVMUser" permission on the "CUSTOMER1" pool.

This means that unless a user has some form of permission on a pool they
will not even see it in the pool view.

I hope this clarifies it.  If not I am happy to do a live demo of the patch
in operation.


Regards,




Andrew






On Mon, Aug 11, 2014 at 4:56 PM, Dietmar Maurer <dietmar at proxmox.com> wrote:

> > We needed to do it this way, as the standard behavior in Proxmox is that
> the
> > user needs VM.Allocate or Pool.Allocate permissions to even view the
> contents
> > of a pool.
> >
> > With the "Pool View" we needed users to be able to view the contents of
> a Pool
> > without these specific permissions, so our quick fix was to bypass the
> > requirement for these specific permissions and just check for *any* valid
> > permission on a pool.  So if a user has any permissions on a pool, it
> will appear
> > for them in the "Pool View"
>
> I would really help me to understand the issue if you post all details. So
> what permission
> on the pool do you assign (besides VM.Allocate or Pool.Allocate)?
>
> Maybe you can post an example config (user.cfg)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140811/f5f81d50/attachment.htm>


More information about the pve-devel mailing list