encryption can be configured.
+[[pveum_tfa_auth]]
Two factor authentication
-------------------------
https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation_Servers/[
host your own verification server].
+[[pveum_user_configured_totp]]
User configured TOTP authentication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
recommended to test the configuration with multiple browsers, as changing the
'AppId' later will render existing 'U2F' registrations unusable.
+[[pveum_user_configured_u2f]]
Activating U2F as a user
~~~~~~~~~~~~~~~~~~~~~~~~
You can see the whole set of predefined roles on the GUI.
-Adding new roles can be done via both GUI and the command line, like
-this:
+Adding new roles can be done via both GUI and the command line.
+
+[thumbnail="screenshot/gui-datacenter-role-add.png"]
+For the GUI just navigate to 'Permissions -> User' Tab from 'Datacenter' and
+click on the 'Create' button, there you can set a name and select all desired
+roles from the 'Privileges' dropdown box.
+To add a role through the command line you can use the 'pveum' CLI tool, like
+this:
[source,bash]
----
pveum roleadd PVE_Power-only -privs "VM.PowerMgmt VM.Console"