~~~~~~~~~~~~~~~~~
Access permissions are assigned to objects, such as a virtual machines
-('/vms/{vmid}') or a storage ('/storage/{storeid}') or a pool of
-resources ('/pool/{poolname}'). We use filesystem like paths to
+('/vms/\{vmid\}') or a storage ('/storage/\{storeid\}') or a pool of
+resources ('/pool/\{poolname\}'). We use filesystem like paths to
address those objects. Those paths form a natural tree, and
permissions can be inherited down that hierarchy.
What permission do I need?
^^^^^^^^^^^^^^^^^^^^^^^^^^
-The required API permissions are documented for each individual method, and can be found at http://pve.proxmox.com/pve2-api-doc/
+
+The required API permissions are documented for each individual
+method, and can be found at http://pve.proxmox.com/pve-docs/api-viewer/
Pools
~~~~~
Pools can be used to group a set of virtual machines and data
-stores. You can then simply set permissions on pools ('/pool/{poolid}'),
+stores. You can then simply set permissions on pools ('/pool/\{poolid\}'),
which are inherited to all pool members. This is a great way simplify
access control.
pveum aclmod /access/realm/pve -user joe@pve -role PVEUserAdmin
pveum aclmod /access/groups/customers -user joe@pve -role PVEUserAdmin
-Note: The user is able to add other users, but only if they are
+NOTE: The user is able to add other users, but only if they are
members of group 'customers' and within realm 'pve'.
Pools
[source,bash]
pveum useradd developer1@pve -group developers -password
-Note: The -password parameter will prompt you for a password
+NOTE: The -password parameter will prompt you for a password
I assume we already created a pool called 'dev-pool' on the GUI. So we can now assign permission to that pool: