Re: [PVE-User] Restricting users to only interacting with their own created VMs?

From: harrim4n <harrim4n@harrim4n.com>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Restricting users to only interacting with their own created VMs?
Date: Sat, 18 Dec 2021 11:40:43 +0100	[thread overview]
Message-ID: <ac8f8b4a-d1a5-9e25-50f1-4a8bb72c5505@harrim4n.com> (raw)
In-Reply-To: <mailman.152.1639808865.300.pve-user@lists.proxmox.com>

Hi,

the only "built-in" way that I know of is to use resource pools. 
Basically you create a resource pool for each user and they only have 
access to create VMs in that pool. All other users don't have access to 
that pool, so they can't access the VMs.
You could probably also figure out a way to automatically manage the 
permissions via the API, i.e., detect which user cloned a VM via the 
clone task, then automatically remove access for that specific VM ID for 
all other users (or set the default so that no one has access 
permissions and only grant them for that specific user). Although I'm 
not sure of the top of my head if the permissions can be set up so that 
users can clone a VM/template to create a new one without requiring 
access to it.

On 18.12.21 07:27, Victor Hooi via pve-user wrote:

> Hi,
>
> We have a test environment setup with various shared templates (e.g.
> Windows 7, Windows 8.1, Windows 10) etc.
>
> We have a number of users who login, clone those templates, and do their
> own testing on their own VMs.
>
> What's the easiest way to restrict users to only interacting with VMs
> created by themselves?
>
> Thanks!
> _______________________________________________
> pve-user mailing list
> pve-user@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user