From 8df51d4852f03b6ae8e9b67bbfe0c838610de3a1 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Sat, 2 May 2020 16:40:20 +0200 Subject: [PATCH] administration-guide.rst: add role definitions --- docs/administration-guide.rst | 40 ++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/docs/administration-guide.rst b/docs/administration-guide.rst index d065092b..bbd128f7 100644 --- a/docs/administration-guide.rst +++ b/docs/administration-guide.rst @@ -258,10 +258,48 @@ Or completely remove the users with: # proxmox-backup-manager user remove john@pbs - Access Control ~~~~~~~~~~~~~~ +Users do not have any permission by default. Instead you need to +specify what is allowed and what not. You can do this by assigning +roles to users on specific objects like datastores or remotes. The +following roles exist: + +**Admin** + The Administrator can do anything. + +**Audit** + An Auditor can view things, but is not allowed to change settings. + +**NoAccess** + Disable Access - nothing is allowed. + +**DatastoreAdmin** + Can do anything on datastores. + +**DatastoreAudit** + Can view datastore settings and list content. But + is not allowed to read the actual data. + +**DataStoreReader** + Can Inspect datastore content and can do restores. + +**DataStoreBackup** + Can backup and restore owned backups. + +**DatastorePowerUser** + Can backup, restore, and prune owned backups. + +**RemoteAdmin** + Can do anything on remotes. + +**RemoteAudit** + Can view remote settings. + +**RemoteSyncOperator** + Is allowed to read data from a remote. + Backup Client usage