+[[chapter_user_management]]
ifdef::manvolnum[]
-PVE({manvolnum})
-================
+pveum(1)
+========
include::attributes.txt[]
+:pve-toplevel:
NAME
----
pveum - Proxmox VE User Manager
-SYNOPSYS
+SYNOPSIS
--------
include::pveum.1-synopsis.adoc[]
DESCRIPTION
-----------
endif::manvolnum[]
-
ifndef::manvolnum[]
User Management
===============
include::attributes.txt[]
+:pve-toplevel:
endif::manvolnum[]
// Copied from pve wiki: Revision as of 16:10, 27 October 2015
objects (VMs, storages, nodes, etc.) granular access can be defined.
+[[pveum_users]]
Users
-----
{pve} stores user attributes in `/etc/pve/user.cfg`.
Passwords are not stored here, users are instead associated with
-<<authentication-realms,authentication realms>> described below.
+<<pveum_authentication_realms,authentication realms>> described below.
Therefore a user is internally often identified by its name and
realm in the form `<userid>@<realm>`.
assigned to this user.
+[[pveum_groups]]
Groups
~~~~~~
much shorter access control list which is easier to handle.
-[[authentication-realms]]
+[[pveum_authentication_realms]]
Authentication Realms
---------------------
host your own verification server].
+[[pveum_permission_management]]
Permission Management
---------------------
representing the target of these actions.
+[[pveum_roles]]
Roles
~~~~~
* `/access/realms/{realmid}`: Administrative access to realms
-Permissions
-~~~~~~~~~~~
-
-Permissions are the way we control access to objects. In technical
-terms they are simply a triple containing `<path,user,role>`. This
-concept is also known as access control lists. Each permission
-specifies a subject (user or group) and a role (set of privileges) on
-a specific path.
-
-When a subject requests an action on an object, the framework looks up
-the roles assigned to that subject (using the object path). The set of
-roles defines the granted privileges.
-
-
Inheritance
^^^^^^^^^^^
* Permissions replace the ones inherited from an upper level.
+[[pveum_pools]]
Pools
~~~~~