git.proxmox.com Git - pve-manager-legacy.git/commit

author	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Mon, 8 Feb 2016 13:51:38 +0000 (14:51 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Fri, 12 Feb 2016 07:22:16 +0000 (08:22 +0100)
commit	ad3c4730cb71df2d5cbe3fcb927bb5490efbcba6
tree	43d1dfdbe7de523edaa1ffd914f99144beb2def3	tree
parent	df0f595f229a7b9c05a1e82619cd6b44bfb8b3cb	commit \| diff

add permissions to allow non root ceph configuration

Do not only allow root@pam to admin ceph server as some user do not
want to allow root logins and users with the Sys.Modify permission
should be able to modify ceph related stuff.

We use basically the following permissions:
Sys.Modify:
    for any delete, add, modify action (POST, PUT, DELETE)
Sys.Audit and Datastore.Audit:
    for any status/information view action (GET)
Sys.Log:
    for viewing the Ceph log (was already implemented)

We have two exceptions creating and destroying osds. Those may only
be done by 'root@pam' for security reasons.

Also show users with any of those capabilities the ceph tab in the
web GUI.

Addresses bug#818

PVE/API2/Ceph.pm		diff \| blob \| blame \| history
www/manager/node/Config.js		diff \| blob \| blame \| history