new privilege VM.Backup

[pve-access-control.git] / PVE / AccessControl.pm

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index ddad2c7743ac037040307522b77249ebf14f34cf..3cae437bb39d6179bcad847bea42e476a4cd925e 100644 (file)
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -548,12 +548,20 @@ my $privgroups = {
     VM => {
        root => [],
        admin => [           
-           'VM.Modify', 
+           'VM.Config.Disk', 
+           'VM.Config.CDROM', # change CDROM media
+           'VM.Config.CPU', 
+           'VM.Config.Memory', 
+           'VM.Config.Network', 
+           'VM.Config.HWType',
+           'VM.Config.Options', # covers all other things 
            'VM.Allocate', 
            'VM.Migrate',
+           'VM.Monitor', 
        ],
        user => [
            'VM.Console', 
+           'VM.Backup',
            'VM.PowerMgmt',
        ],
        audit => [ 
@@ -579,6 +587,7 @@ my $privgroups = {
        root => [],
        admin => [
            'Datastore.Allocate',
+           'Datastore.AllocateTemplate',
        ],
        user => [
            'Datastore.AllocateSpace',
@@ -599,6 +608,14 @@ my $privgroups = {
        user => [],
        audit => [],
     },
+    Pool => {
+       root => [],
+       admin => [
+           'Pool.Allocate', # create/delete pools
+       ],
+       user => [],
+       audit => [],
+    },
 };
 
 my $valid_privs = {};