X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pveum.adoc;h=95406c9874282224acd33e3583501b69a1df71e7;hp=9addcb7bc8827abfa77b81c0138e6ea24b52078c;hb=0d02df33f12a84b417a6806e0d3faa51d1ad7b53;hpb=b8eeec5219af1c38771b9ea5688511edd53e824e diff --git a/pveum.adoc b/pveum.adoc index 9addcb7..95406c9 100644 --- a/pveum.adoc +++ b/pveum.adoc @@ -1,7 +1,9 @@ +[[chapter_user_management]] ifdef::manvolnum[] -PVE({manvolnum}) -================ +pveum(1) +======== include::attributes.txt[] +:pve-toplevel: NAME ---- @@ -9,7 +11,7 @@ NAME pveum - Proxmox VE User Manager -SYNOPSYS +SYNOPSIS -------- include::pveum.1-synopsis.adoc[] @@ -18,11 +20,11 @@ include::pveum.1-synopsis.adoc[] DESCRIPTION ----------- endif::manvolnum[] - ifndef::manvolnum[] User Management =============== include::attributes.txt[] +:pve-toplevel: endif::manvolnum[] // Copied from pve wiki: Revision as of 16:10, 27 October 2015 @@ -35,12 +37,13 @@ By using the role based user- and permission management for all objects (VMs, storages, nodes, etc.) granular access can be defined. +[[pveum_users]] Users ----- {pve} stores user attributes in `/etc/pve/user.cfg`. Passwords are not stored here, users are instead associated with -<> described below. +<> described below. Therefore a user is internally often identified by its name and realm in the form `@`. @@ -65,6 +68,7 @@ still be changed and system mails will be sent to the email address assigned to this user. +[[pveum_groups]] Groups ~~~~~~ @@ -74,7 +78,7 @@ to groups instead of using individual users. That way you will get a much shorter access control list which is easier to handle. -[[authentication-realms]] +[[pveum_authentication_realms]] Authentication Realms --------------------- @@ -183,6 +187,7 @@ https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation host your own verification server]. +[[pveum_permission_management]] Permission Management --------------------- @@ -198,6 +203,7 @@ role)', with the role containing a set of allowed actions, and the path representing the target of these actions. +[[pveum_roles]] Roles ~~~~~ @@ -309,20 +315,6 @@ Some examples are: * `/access/realms/{realmid}`: Administrative access to realms -Permissions -~~~~~~~~~~~ - -Permissions are the way we control access to objects. In technical -terms they are simply a triple containing ``. This -concept is also known as access control lists. Each permission -specifies a subject (user or group) and a role (set of privileges) on -a specific path. - -When a subject requests an action on an object, the framework looks up -the roles assigned to that subject (using the object path). The set of -roles defines the granted privileges. - - Inheritance ^^^^^^^^^^^ @@ -335,6 +327,7 @@ by default). We use the following inheritance rules: * Permissions replace the ones inherited from an upper level. +[[pveum_pools]] Pools ~~~~~