* [pbs-devel] [PATCH pbs-docs 3/4] Add section describing acl tool
@ 2020-08-18 10:51 Dylan Whyte
0 siblings, 0 replies; only message in thread
From: Dylan Whyte @ 2020-08-18 10:51 UTC (permalink / raw)
To: pbs-devel
This adds a section how to use the acl subcommand
to manage user access control
Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
docs/administration-guide.rst | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/docs/administration-guide.rst b/docs/administration-guide.rst
index 2be49575..5a2838a5 100644
--- a/docs/administration-guide.rst
+++ b/docs/administration-guide.rst
@@ -374,6 +374,35 @@ following roles exist:
**RemoteSyncOperator**
Is allowed to read data from a remote.
+You can use the ``acl`` subcommand to manage and monitor user permissions. For
+example, the command below will add the user ``john@pbs`` as a
+**DatastoreAdmin** for the data store ``store1``, located at ``/backup/disk1/store1``:
+
+.. code-block:: console
+
+ # proxmox-backup-manager acl update /datastore/store1 DatastoreAdmin --userid john@pbs
+
+You can monitor the roles of each user using the following command:
+
+.. code-block:: console
+
+ # proxmox-backup-manager acl list
+ ┌──────────┬──────────────────┬───────────┬────────────────┐
+ │ ugid │ path │ propagate │ roleid │
+ ╞══════════╪══════════════════╪═══════════╪════════════════╡
+ │ john@pbs │ /datastore/disk1 │ 1 │ DatastoreAdmin │
+ └──────────┴──────────────────┴───────────┴────────────────┘
+
+A single user can be assigned multiple permission sets for different data stores.
+
+.. Note::
+ Naming convention is important here. For data stores on the host,
+ you must use the convention ``/datastore/{storename}``. For example, to set
+ permissions for a data store mounted at ``/mnt/backup/disk4/store2``, you would use
+ ``/datastore/store2`` for the path. For remote stores, use the convention
+ ``/remote/{remote}/{storename}``, where ``{remote}`` signifies the name of the
+ remote (see `Remote` below) and ``{storename}`` is the name of the data store on
+ the remote.
:term:`Remote`
~~~~~~~~~~~~~~
--
2.20.1
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-08-18 10:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-18 10:51 [pbs-devel] [PATCH pbs-docs 3/4] Add section describing acl tool Dylan Whyte
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.