[pve-devel] [PATCH v2 docs 09/12] reorder the roles section

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Oct 5 11:48:53 CEST 2016 

As they provide an overview of predefined roles and give an
idea of what kind of permissions are available, they fit
better right after the new general permission introduction.
---
 pveum.adoc | 61 +++++++++++++++++++++++++++++++------------------------------
 1 file changed, 31 insertions(+), 30 deletions(-)

diff --git a/pveum.adoc b/pveum.adoc
index e11a2ed..f1abd94 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -198,6 +198,37 @@ role)', with the role containing a set of allowed actions, and the path
 representing the target of these actions.
 
 
+Roles
+~~~~~
+
+A role is simply a list of privileges. Proxmox VE comes with a number
+of predefined roles which satisfies most needs.
+
+* `Administrator`: has all privileges
+* `NoAccess`: has no privileges (used to forbid access)
+* `PVEAdmin`: can do most things, but miss rights to modify system settings (`Sys.PowerMgmt`, `Sys.Modify`, `Realm.Allocate`).
+* `PVEAuditor`: read only access
+* `PVEDatastoreAdmin`: create and allocate backup space and templates
+* `PVEDatastoreUser`: allocate backup space and view storage
+* `PVEPoolAdmin`: allocate pools
+* `PVESysAdmin`: User ACLs, audit, system console and system logs
+* `PVETemplateUser`: view and clone templates
+* `PVEUserAdmin`: user administration
+* `PVEVMAdmin`: fully administer VMs
+* `PVEVMUser`: view, backup, config CDROM, VM console, VM power management
+
+You can see the whole set of predefined roles on the GUI.
+
+Adding new roles can currently only be done from the command line, like
+this:
+
+[source,bash]
+----
+pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"
+pveum roleadd Sys_Power-only -privs "Sys.PowerMgmt Sys.Console"
+----
+
+
 Objects and Paths
 ~~~~~~~~~~~~~~~~~
 
@@ -258,36 +289,6 @@ Storage related privileges::
 * `Datastore.Audit`: view/browse a datastore
 
 
-Roles
-~~~~~
-
-A role is simply a list of privileges. Proxmox VE comes with a number
-of predefined roles which satisfies most needs.
-
-* `Administrator`: has all privileges
-* `NoAccess`: has no privileges (used to forbid access)
-* `PVEAdmin`: can do most things, but miss rights to modify system settings (`Sys.PowerMgmt`, `Sys.Modify`, `Realm.Allocate`).
-* `PVEAuditor`: read only access
-* `PVEDatastoreAdmin`: create and allocate backup space and templates
-* `PVEDatastoreUser`: allocate backup space and view storage
-* `PVEPoolAdmin`: allocate pools
-* `PVESysAdmin`: User ACLs, audit, system console and system logs
-* `PVETemplateUser`: view and clone templates
-* `PVEUserAdmin`: user administration
-* `PVEVMAdmin`: fully administer VMs
-* `PVEVMUser`: view, backup, config CDROM, VM console, VM power management
-
-You can see the whole set of predefined roles on the GUI.
-
-Adding new roles using the CLI:
-
-[source,bash]
-----
-pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"
-pveum roleadd Sys_Power-only -privs "Sys.PowerMgmt Sys.Console"
-----
-
-
 Permissions
 ~~~~~~~~~~~
 
-- 
2.1.4

More information about the pve-devel mailing list