From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 2CB39854C8 for ; Sat, 18 Dec 2021 11:41:23 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 16FFAC5D3 for ; Sat, 18 Dec 2021 11:40:53 +0100 (CET) Received: from mail.n8bird.eu (mail.n8bird.eu [IPv6:2a03:4000:6:5320::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5648BC5C4 for ; Sat, 18 Dec 2021 11:40:52 +0100 (CET) Received: from [10.0.0.113] (p4fd0f530.dip0.t-ipconnect.de [79.208.245.48]) by mail.n8bird.eu (Postfix) with ESMTPSA id 47E9CF5078 for ; Sat, 18 Dec 2021 11:40:45 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=harrim4n.com; s=mail; t=1639824045; bh=BujdzpdeitAwzFYxY+9KZWuFWgUw/0402jbFBw2cYHk=; h=Date:Subject:To:References:From:In-Reply-To:From; b=Ce8gUc1mCcutJjiFg6OrshLS60F+k8gl33ABZ7BR49FtRe5DtKId9wireV8CyV6sI 52BjFYjJASXfWYS3rO1f2wtbe6Z/pqhC0nODCZKLOnmijjSlSM6VoWJ9yFJi2htiNe BjHIs/y0W6dWbV1y/FbU2j4vPSmUZ/XmwdkjmmgtVbwJuaoUGzMEce3tByxh6bdTEx H4IXb/YRjz2cBCR2oI/bVzg+MD4fegdSmPV2SHqqxLmpngm/79uYBXK8MGdiwmuyvh 738mRwhthbbMrakPULEr5jB7cTweNBT6BZrjbgFDRJmBMEFiSTLs69kEAnkosC/7GZ /YUic4wu3DUFnL82TxJgBD6ITbpQgBhk/hUAM0x17KsKS3bE0HLZ4jvBJhxgigAwLb mavUOX3N0Z6FQOo27YObs+Vl1eOHg/8OXrTWWAAOF00dm14d0l0n/dpMrZQ83owdeH 9jZW4V2rnoYA/v3czf7elSB9BL7wVakwOJaoRgK+vRrDjpJw6BZN7rAlCLAy+TbTnq omjCHQUiXmUAAFcBUo5lUtNQPDtKlgojDDczXOguEBDdw4WhgwOiAnptaFlOCpbfBu cuZEmiU11nTLlx97dAsVqwzECKV382ZimxJYiP+v+Yg2ZHr/uvwQ7gGwhCEq5pDtiW 2cZX+W8/MPK/Bgln46oXJ2Lw= Message-ID: Date: Sat, 18 Dec 2021 11:40:43 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Content-Language: en-US To: Proxmox VE user list References: From: harrim4n In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain NICE_REPLY_A -1.716 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [PVE-User] Restricting users to only interacting with their own created VMs? X-BeenThere: pve-user@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE user list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2021 10:41:23 -0000 Hi, the only "built-in" way that I know of is to use resource pools. Basically you create a resource pool for each user and they only have access to create VMs in that pool. All other users don't have access to that pool, so they can't access the VMs. You could probably also figure out a way to automatically manage the permissions via the API, i.e., detect which user cloned a VM via the clone task, then automatically remove access for that specific VM ID for all other users (or set the default so that no one has access permissions and only grant them for that specific user). Although I'm not sure of the top of my head if the permissions can be set up so that users can clone a VM/template to create a new one without requiring access to it. On 18.12.21 07:27, Victor Hooi via pve-user wrote: > Hi, > > We have a test environment setup with various shared templates (e.g. > Windows 7, Windows 8.1, Windows 10) etc. > > We have a number of users who login, clone those templates, and do their > own testing on their own VMs. > > What's the easiest way to restrict users to only interacting with VMs > created by themselves? > > Thanks! > _______________________________________________ > pve-user mailing list > pve-user@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user