From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH access-control 1/1] fix #3402: add Pool.Audit permission
Date: Fri, 30 Apr 2021 13:27:42 +0200 [thread overview]
Message-ID: <1619781642.v0a91lmmox.astroid@nora.none> (raw)
In-Reply-To: <20210429094853.51768-1-l.stechauner@proxmox.com>
On April 29, 2021 11:48 am, Lorenz Stechauner wrote:
> Signed-off-by: Lorenz Stechauner <l.stechauner@proxmox.com>
> ---
> PVE/AccessControl.pm | 8 ++++++--
> README | 1 +
> 2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/PVE/AccessControl.pm b/PVE/AccessControl.pm
> index f7d4e78..888875e 100644
> --- a/PVE/AccessControl.pm
> +++ b/PVE/AccessControl.pm
> @@ -819,8 +819,12 @@ my $privgroups = {
> admin => [
> 'Pool.Allocate', # create/delete pools
> ],
> - user => [],
> - audit => [],
> + user => [
> + 'Pool.Audit',
> + ],
this hunk actually causes a new built-in "PVEUser" role to be defined..
I am not sure whether it's worth it (probably PVEAuditor already serves
that niche for almost all use-cases). but if we include it, then this
requires a pve-docs patch as well ;) users might also already have a
custom role named like that, so potentially defer to 7.0 as breaking
change?
> + audit => [
> + 'Pool.Audit',
> + ],
> },
> };
>
> diff --git a/README b/README
> index 33643a6..698b7a8 100644
> --- a/README
> +++ b/README
> @@ -96,6 +96,7 @@ privileges:
> VM.Config.Options: modify any other VM configuration
>
> Pool.Allocate: create/remove/modify a pool.
> + Pool.Audit: view/browse pool
>
> Datastore.Allocate: create/remove/modify a data store.
> Datastore.AllocateSpace: allocate space on a datastore
> --
> 2.20.1
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
next prev parent reply other threads:[~2021-04-30 11:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-29 9:48 [pve-devel] SPAM: [PATCH-SERIES access-contorl/manager] " Lorenz Stechauner
2021-04-29 9:48 ` [pve-devel] [PATCH access-control 1/1] " Lorenz Stechauner
2021-04-30 11:27 ` Fabian Grünbichler [this message]
2021-04-29 9:49 ` [pve-devel] [PATCH manager " Lorenz Stechauner
2021-04-30 11:27 ` Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1619781642.v0a91lmmox.astroid@nora.none \
--to=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox