X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=blobdiff_plain;f=PVE%2FRPCEnvironment.pm;h=eb7b3c7645da60ca19106f5ec0281b9da2b13224;hp=faa4fb2486e8ad5d5896cf862c1afe7da6154c8e;hb=e5ae548727ea87783f1f6bfaac9181133981d2e9;hpb=37d6e4772e66797c299e70d8b91436479fc4c96a

diff --git a/PVE/RPCEnvironment.pm b/PVE/RPCEnvironment.pm
index faa4fb2..eb7b3c7 100644
--- a/PVE/RPCEnvironment.pm
+++ b/PVE/RPCEnvironment.pm
@@ -295,7 +295,12 @@ sub check_volume_access {
 	($path, $ownervm, $vtype) = PVE::Storage::path($storecfg, $volid);
 	if ($vtype eq 'iso' || $vtype eq 'vztmpl') {
 	    # we simply allow access 
-	} elsif (!$ownervm || ($ownervm != $vmid)) {
+	} elsif (defined($ownervm) && defined($vmid) && ($ownervm == $vmid)) {
+	    # we are owner - allow access 
+	} elsif ($vtype eq 'backup' && $ownervm) {
+	    $self->check($user, "/storage/$sid", ['Datastore.AllocateSpace']);
+	    $self->check($user, "/vms/$ownervm", ['VM.Backup']);
+	} else {
 	    # allow if we are Datastore administrator
 	    $self->check($user, "/storage/$sid", ['Datastore.Allocate']);
 	}