On 09/19/2017 10:49 AM, Dietmar Maurer wrote:
As it has already the VM.Backup priv, which means it can already make
a (snapshot) backup *and* restore them - i.e. change over the data/state
of the VM.
I thought restore needs allocate permission on the storage?
OK, yes AllocateSpace is needed.
As Matthias stated in his first patch:
[...] to separate administrative access (create, update, delete) from
user access (rollback) to snapshots
so we could see this as VMUser right.
But as this is still easily possible for the ones who want user to have
it's probably still better as you made it and keep it under admin.
So this is really an opt-in priv.
With this the whole series looks OK to me.
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
