On March 11, 2022 12:24 pm, Oguz Bektas wrote:
> Signed-off-by: Oguz Bektas <o.bek...@proxmox.com>
> ---
>  pveum.adoc | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/pveum.adoc b/pveum.adoc
> index a5c8906..5ad111a 100644
> --- a/pveum.adoc
> +++ b/pveum.adoc
> @@ -684,7 +684,8 @@ Roles
>  A role is simply a list of privileges. Proxmox VE comes with a number
>  of predefined roles, which satisfy most requirements.
>  
> -* `Administrator`: has full privileges
> +* `SuperAdministrator`: has full privileges (equivalent to 'root@pam', be 
> careful when giving this role to a user!)
> +* `Administrator`: has all privileges except `SuperUser`

I'd make the descriptions shorter and add the warnings as proper 
warnings.

* `SuperAdministrator`: has full privileges including `SuperUser`

>  * `NoAccess`: has no privileges (used to forbid access)
>  * `PVEAdmin`: can do most tasks, but has no rights to modify system settings 
> (`Sys.PowerMgmt`, `Sys.Modify`, `Realm.Allocate`)
>  * `PVEAuditor`: has read only access
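
Review bot: The new `SuperAdministrator` bullet quotes 'root@pam' with single quotes while every other identifier in this list uses backticks, so it will render differently from `SuperUser` and the role names next to it. The new `Administrator` bullet also defines the role only as "all privileges except `SuperUser`", which forces the reader to jump ahead to the privileges list to learn what is being excluded. A short cross-reference to that list, or a few words on what `SuperUser` covers, would let this line stand on its own. The "be careful when giving this role to a user!" caution would be easier to spot as an AsciiDoc WARNING: paragraph placed after the list than inside the bullet's parenthetical.
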
> @@ -727,6 +728,7 @@ We currently support the following privileges:
>  
>  Node / System related privileges::
>  
> +* `SuperUser`: modify root-only configuration options (dangerous! don't give 
> this privilege to untrusted users)
>  * `Permissions.Modify`: modify access permissions
>  * `Sys.PowerMgmt`: node power management (start, stop, reset, shutdown, ...)
>  * `Sys.Console`: console access to node
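
Review bot: In the added `SuperUser` line, "modify root-only configuration options" does not say which options are meant, and it reads as narrower than the first hunk's statement that the role carrying this privilege is "equivalent to 'root@pam'". Someone deciding whether to grant the privilege needs those two descriptions to agree, so either spell out the scope here or point to where the root-only options are listed. The "dangerous! don't give this privilege to untrusted users" text should also move out of the bullet's parenthetical into a WARNING: admonition, where it will not be skimmed past as part of an ordinary list item.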

SuperUser is not Node/System related though? It also affects guest 
operations for example, so I'd add it either up front or last on its 
own, with a warning and longer description (allows root stuff, might 
require other basic privs in addition to SuperUser, danger danger, 
certain actions on users with this priv are restricted, ..)


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
