VM => {
root => [],
admin => [
- 'VM.Modify',
+ 'VM.Config.Disk',
+ 'VM.Config.CDROM', # change CDROM media
+ 'VM.Config.CPU',
+ 'VM.Config.Memory',
+ 'VM.Config.Network',
+ 'VM.Config.HWType',
+ 'VM.Config.Options', # covers all other things
'VM.Allocate',
'VM.Migrate',
+ 'VM.Monitor',
],
user => [
'VM.Console',
+ 'VM.Backup',
'VM.PowerMgmt',
],
audit => [
root => [],
admin => [
'Datastore.Allocate',
+ 'Datastore.AllocateTemplate',
],
user => [
'Datastore.AllocateSpace',
user => [],
audit => [],
},
+ Pool => {
+ root => [],
+ admin => [
+ 'Pool.Allocate', # create/delete pools
+ ],
+ user => [],
+ audit => [],
+ },
};
my $valid_privs = {};