X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FAccessControl.pm;h=47b010f98eb0b00bfe5c89bc76c4ac92ff7f4a0b;hp=0dce3e62a0f3ad0760f8b2bde06af6ff23c385e0;hb=c0fead8c981e6891799f28ed4cff87f50d6d3f7a;hpb=39c85db819dc564e89270f6f6d15dbce79d0540b;ds=sidebyside

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 0dce3e6..47b010f 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -548,16 +548,23 @@ my $privgroups = {
     VM => {
 	root => [],
 	admin => [	     
-	    'VM.Modify', 
+	    'VM.Config.Disk', 
+	    'VM.Config.CDROM', 
+	    'VM.Config.CPU', 
+	    'VM.Config.Memory', 
+	    'VM.Config.Network', 
+	    'VM.Config.HWType',
+	    'VM.Config.Options', # covers all other things 
 	    'VM.Allocate', 
 	    'VM.Migrate',
+	    'VM.Monitor', 
 	],
 	user => [
 	    'VM.Console', 
 	    'VM.PowerMgmt',
 	],
 	audit => [ 
-	    'VM.Audit' 
+	    'VM.Audit',
 	],
     },
     Sys => {
@@ -588,10 +595,21 @@ my $privgroups = {
 	],
     },
     User => {
-	root => [],
+	root => [
+	    'Realm.Allocate',
+	],
 	admin => [
 	    'User.Modify',
-	    'User.Allocate',
+	    'Group.Allocate', # edit/change group settings
+	    'Realm.AllocateUser', 
+	],
+	user => [],
+	audit => [],
+    },
+    Pool => {
+	root => [],
+	admin => [
+	    'Pool.Allocate', # create/delete pools
 	],
 	user => [],
 	audit => [],