From c0fead8c981e6891799f28ed4cff87f50d6d3f7a Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 1 Feb 2012 13:26:21 +0100
Subject: [PATCH 1/1] add more privileges, improve docs

---
 PVE/AccessControl.pm |  9 ++++++++-
 README               | 23 ++++++++++++++++++++---
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
index 86c15fd..47b010f 100644
--- a/PVE/AccessControl.pm
+++ b/PVE/AccessControl.pm
@@ -548,9 +548,16 @@ my $privgroups = {
     VM => {
 	root => [],
 	admin => [	     
-	    'VM.Modify', 
+	    'VM.Config.Disk', 
+	    'VM.Config.CDROM', 
+	    'VM.Config.CPU', 
+	    'VM.Config.Memory', 
+	    'VM.Config.Network', 
+	    'VM.Config.HWType',
+	    'VM.Config.Options', # covers all other things 
 	    'VM.Allocate', 
 	    'VM.Migrate',
+	    'VM.Monitor', 
 	],
 	user => [
 	    'VM.Console', 
diff --git a/README b/README
index a2ec7f1..2619720 100644
--- a/README
+++ b/README
@@ -64,6 +64,13 @@ group:
 	user_list: list of login names
 	comment: a more verbose description
 
+pool:
+
+	pool_name: the name of the pool
+	comment: a more verbose description
+	vm_list: list of VMs associated with the pool
+	storage_list: list of storage IDs associated with the pool
+
 privileges: 
 
 	defines rights required to execute actions or read
@@ -73,8 +80,20 @@ privileges:
 	VM.Migrate: migrate VM to alternate server on cluster
    	VM.PowerMgmt: power management (start, stop, reset, shutdown, ...)
 	VM.Console: console access to VM
+	VM.Monitor: access to VM monitor (kvm)
 	VM.Audit: view VM config
-	VM.Modify: modify VM config
+
+	VM.Config.XXX: modify VM config
+
+	  VM.Config.Disk: add/modify/delete Disks 
+	  VM.Config.CDROM: eject/change CDROM
+	  VM.Config.CPU: modify CPU settings
+	  VM.Config.Memory: modify Memory settings
+	  VM.Config.Network: add/modify/delete Network devices
+	  VM.Config.HWType: modify emulated HW type
+	  VM.Config.Options: modify any other VM configuration 
+
+	Pool.Allocate: create/remove/modify a pool.
 
 	Datastore.Allocate: create/remove/modify a data store.
 	Datastore.AllocateSpace: allocate space on a datastore
@@ -93,14 +112,12 @@ privileges:
 
 	VM.Create: create new VM to server inventory
 	VM.Remove: remove VM from inventory
-	VM.MemoryModify: modify memory associated with VM
 	VM.AddNewDisk: add new disk to VM
 	VM.AddExistingDisk: add an existing disk to VM
 	VM.DiskModify: modify disk space for associated VM
 	VM.UseRawDevice: associate a raw device with VM
 	VM.PowerOn: power on VM
 	VM.PowerOff: power off VM
-	VM.ConfigureCD: assign a device/image file to VM
 	VM.CpuModify: modify number of CPUs associated with VM
 	VM.CpuCyclesModify: modify CPU cycles for VM
 	VM.NetworkAdd: add network device to VM
-- 
2.39.2