add more privileges, improve docs
[pve-access-control.git]
/
PVE
/
AccessControl.pm
diff --git
a/PVE/AccessControl.pm
b/PVE/AccessControl.pm
index
0dce3e6
..
47b010f
100644
(file)
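--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -548,16 +548,23 @@ my $privgroups = {
  VM => {
  root => [],
  admin => [
- 'VM.Modify',
+ 'VM.Config.Disk',
+ 'VM.Config.CDROM',
+ 'VM.Config.CPU',
+ 'VM.Config.Memory',
+ 'VM.Config.Network',
+ 'VM.Config.HWType',
+ 'VM.Config.Options', # covers all other things
  'VM.Allocate',
  'VM.Migrate',
+ 'VM.Monitor',
  ],
  user => [
  'VM.Console',
  'VM.PowerMgmt',
  ],
  audit => [
- 'VM.Audit'
+ 'VM.Audit',
  ],
  },
  Sys => {
@@ -588,10 +595,21 @@ my $privgroups = {
  ],
  },
  User => {
- root => [],
+ root => [
+ 'Realm.Allocate',
+ ],
  admin => [
  'User.Modify',
- 'User.Allocate',
+ 'Group.Allocate', # edit/change group settings
+ 'Realm.AllocateUser',
+ ],
+ user => [],
+ audit => [],
+ },
+ Pool => {
+ root => [],
+ admin => [
+ 'Pool.Allocate', # create/delete pools
  ],
  user => [],
  audit => [],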
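Review bot: Both hunks drop a privilege name from `$privgroups` (`'VM.Modify'` in the first, `'User.Allocate'` in the second) without leaving an alias, so any administrator-defined role that was persisted with those names now depends on how the role parser treats an unknown privilege, which is not visible on this page. If unknown names are skipped silently, such roles lose rights with no signal to the operator; if they are rejected, the access configuration may fail to load after an upgrade. The intended behaviour should be recorded next to the table, for example `# VM.Modify was split into VM.Config.*; User.Allocate appears replaced by Group.Allocate and Realm.AllocateUser`. Separately, `'VM.Monitor'`, `'Realm.Allocate'` and `'Realm.AllocateUser'` are the only new entries without a trailing comment on what they permit, and `'VM.Config.Options', # covers all other things` is a catch-all whose scope reviewers of the enforcement code will need spelled out. The `$privgroups` definition starts and ends outside the hunks.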