code => sub {
my ($param) = @_;
+ my $role = $param->{roleid};
+
+ die "auto-generated role '$role' cannot be modified\n"
+ if PVE::AccessControl::role_is_special($role);
+
PVE::AccessControl::lock_user_config(
sub {
- my $role = $param->{roleid};
-
my $usercfg = cfs_read_file("user.cfg");
die "role '$role' does not exist\n"
returns => {
type => "object",
additionalProperties => 0,
- properties => {
- privs => get_standard_option('role-privs'),
- },
+ properties => PVE::AccessControl::create_priv_properties(),
},
code => sub {
my ($param) = @_;