[[chapter_user_management]]
+
+[[user_mgmt]]
+
ifdef::manvolnum[]
pveum(1)
========
your information:
----
-pveum realm add myrealm2 --type openid --issuer-url https://your.server:8080/auth/realms/your-realm --client-id XXX --username-claim username
+pveum realm add myrealm2 --type openid --issuer-url https://your.server:8080/realms/your-realm --client-id XXX --username-claim username
----
Using `--username-claim username` enables simple usernames on the
* `VM.Config.Network`: add/modify/remove network devices
* `VM.Config.HWType`: modify emulated hardware types
* `VM.Config.Options`: modify any other VM configuration
+* `VM.Config.Cloudinit`: modify Cloud-init parameters
* `VM.Snapshot`: create/delete VM snapshots
Storage related privileges::
`Permissions.Modify` privilege or,
depending on the path, the following privileges as a possible substitute:
+
-* `/storage/...`: additionally requires 'Datastore.Allocate`
-* `/vms/...`: additionally requires 'VM.Allocate`
-* `/pool/...`: additionally requires 'Pool.Allocate`
+* `/storage/...`: requires 'Datastore.Allocate`
+* `/vms/...`: requires 'VM.Allocate`
+* `/pool/...`: requires 'Pool.Allocate`
+
If the path is empty, `Permission.Modify` on `/access` is required.