src/config/acl.rs: introduce more/better datastore privileges

[proxmox-backup.git] / src / config / acl.rs

diff --git a/src/config/acl.rs b/src/config/acl.rs
index b1a669898a66bc50c9ebec75317e2a274670ece2..2cae1c741a6610e464c7210019e1c0ddbc5bc958 100644 (file)
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@@ -16,10 +16,12 @@ pub const PRIV_SYS_MODIFY: u64                   = 1 << 1;
 pub const PRIV_SYS_POWER_MANAGEMENT: u64         = 1 << 2;
 
 pub const PRIV_DATASTORE_AUDIT: u64              = 1 << 3;
-pub const PRIV_DATASTORE_MODIFY: u64           = 1 << 4;
-pub const PRIV_DATASTORE_ALLOCATE_SPACE: u64     = 1 << 5;
+pub const PRIV_DATASTORE_MODIFY: u64             = 1 << 4;
+pub const PRIV_DATASTORE_CREATE_BACKUP: u64      = 1 << 5;
+pub const PRIV_DATASTORE_READ: u64               = 1 << 6;
+pub const PRIV_DATASTORE_PRUNE: u64              = 1 << 7;
 
-pub const PRIV_PERMISSIONS_MODIFY: u64           = 1 << 6;
+pub const PRIV_PERMISSIONS_MODIFY: u64           = 1 << 8;
 
 pub const ROLE_ADMIN: u64 = std::u64::MAX;
 pub const ROLE_NO_ACCESS: u64 = 0;
@@ -31,13 +33,16 @@ PRIV_DATASTORE_AUDIT;
 pub const ROLE_DATASTORE_ADMIN: u64 =
 PRIV_DATASTORE_AUDIT |
 PRIV_DATASTORE_MODIFY |
-PRIV_DATASTORE_ALLOCATE_SPACE;
+PRIV_DATASTORE_CREATE_BACKUP |
+PRIV_DATASTORE_READ |
+PRIV_DATASTORE_PRUNE;
 
 pub const ROLE_DATASTORE_USER: u64 =
-PRIV_DATASTORE_AUDIT |
-PRIV_DATASTORE_ALLOCATE_SPACE;
+PRIV_DATASTORE_CREATE_BACKUP;
+
+pub const ROLE_DATASTORE_AUDIT: u64 =
+PRIV_DATASTORE_AUDIT;
 
-pub const ROLE_DATASTORE_AUDIT: u64 = PRIV_DATASTORE_AUDIT;
 pub const ROLE_NAME_NO_ACCESS: &str ="NoAccess";
 
 lazy_static! {