From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 3/3] docs: extend managing remotes
Date: Mon, 2 Nov 2020 11:48:11 +0100 [thread overview]
Message-ID: <20201102104811.1315280-3-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20201102104811.1315280-1-f.gruenbichler@proxmox.com>
with information about required privileges and limitations
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
docs/managing-remotes.rst | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/docs/managing-remotes.rst b/docs/managing-remotes.rst
index e8495db1..382ca84d 100644
--- a/docs/managing-remotes.rst
+++ b/docs/managing-remotes.rst
@@ -79,4 +79,17 @@ either start it manually on the GUI or provide it with a schedule (see
└────────────┴───────┴────────┴──────────────┴───────────┴─────────┘
# proxmox-backup-manager sync-job remove pbs2-local
+For setting up sync jobs, the configuring user needs the following permissions:
+#. ``Remote.Read`` on the ``/remote/{remote}/{remote-store}`` path
+#. at least ``Datastore.Backup`` on the local target datastore (``/datastore/{store}``)
+
+If the ``remove-vanished`` option is set, ``Datastore.Prune`` is required on
+the local datastore as well. If the ``owner`` option is not set (defaulting to
+``backup@pam``) or set to something other than the configuring user,
+``Datastore.Modify`` is required as well.
+
+.. note:: A sync job can only sync backup groups that the configured remote's
+ user/API token can read. If a remote is configured with a user/API token that
+ only has ``Datastore.Backup`` privileges, only the limited set of accessible
+ snapshots owned by that user/API token can be synced.
--
2.20.1
next prev parent reply other threads:[~2020-11-02 10:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-02 10:48 [pbs-devel] [PATCH proxmox-backup 1/3] user.cfg/user info: add test constructors Fabian Grünbichler
2020-11-02 10:48 ` [pbs-devel] [PATCH proxmox-backup 2/3] sync: add access check tests Fabian Grünbichler
2020-11-02 10:48 ` Fabian Grünbichler [this message]
2020-11-02 20:17 ` [pbs-devel] applied-series: [PATCH proxmox-backup 1/3] user.cfg/user info: add test constructors Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201102104811.1315280-3-f.gruenbichler@proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox