From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 9552A9358A for ; Wed, 4 Jan 2023 16:17:44 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 70D4620926 for ; Wed, 4 Jan 2023 16:17:14 +0100 (CET) Received: from mail.shelldog.de (mail.shelldog.de [37.120.183.226]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 4 Jan 2023 16:17:13 +0100 (CET) Received: from roundcube.shelldog.de (unknown [10.0.3.11]) by mail.shelldog.de (Postfix) with ESMTPSA id D9D5313912F for ; Wed, 4 Jan 2023 16:10:00 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shelldog.de; s=default; t=1672845000; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0fpNSnuxz6J6TpRtu5yGB0xPlomlIZKecoFs+oi1L3w=; b=bLgQxzvUG6pguEQmt/B7oyfy+R5PHrGHnRNvXSpWti2pu5KDg9bFBt9AhXyagATCaHjF0b 9jM/+jr0itCF1KJ4+qFWyaMkXEhZBObxsE+QMXzAzFeSdbxMnE2PvPlVvQvS+IDxwaXJUT Jo0vuaRgukA7/d78z3/3GN63RPl5Pa8= MIME-Version: 1.0 Date: Wed, 04 Jan 2023 16:10:00 +0100 From: Sven Scholle To: pve-devel@lists.proxmox.com User-Agent: Roundcube Webmail/1.4.13 Message-ID: <0c01739ac2da8649dd9f96cc374ce84b@shelldog.de> X-Sender: sven@shelldog.de Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 2 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain KAM_SOMETLD_ARE_BAD_TLD 5 .bar, .beauty, .buzz, .cam, .casa, .cfd, .club, .date, .guru, .link, .live, .online, .press, .pw, .quest, .rest, .sbs, .shop, .stream, .top, .trade, .work, .xyz TLD abuse SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record WEIRD_PORT 0.001 Uses non-standard port number for HTTP Subject: [pve-devel] Empty list as response of an API-endpoint X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jan 2023 15:17:44 -0000 Hi, I have a problem regarding the API rights management. The following request returns an empty array when issued using a token with the role PVEAuditor: 'pve.foo.bar:8006/api2/json/nodes/{}/storage/{}/content?content=backup&vmid={}'.format(node, storage, vmid) When I disable privilege seperation or use the role Administrator, I will receive the content in the storage mathing the filters above. Those permissions do not seem to be sufficient: "Sys.Audit Sys.Syslog Pool.Audit VM.Audit Datastore.Audit" Using the permissions above, I'd expect to be granted to use the API-call above. I also tried "VM.Backup", but that didn't do the trick. Did I forget a permission or is there a bug? Used Proxmox-VE-Version: 7.2-1 Thanks! Regards Sven