acl.cfg

Description

The file /etc/proxmox-backup/acl.cfg is a configuration file for Proxmox Backup Server. It contains the access control configuration for the API.

File Format

This file contains the access control list for the Proxmox Backup Server API.

Each line starts with acl:, followed by 4 additional values separated by colon.

propagate:

Propagate permissions down the hierarchy

path:

The object path

User/Token:

List of users and tokens

Role:

List of assigned roles

Here is an example list:

acl:1:/:root@pam!test:Admin
acl:1:/datastore/store1:user1@pbs:DatastoreAdmin

You can use the proxmox-backup-manager acl command to manipulate this file.

Roles

The following roles exist:

Admin:

Administrator

Audit:

Auditor

NoAccess:

Disable Access

DatastoreAdmin:

Datastore Administrator

DatastoreReader:

Datastore Reader (inspect datastore content and do restores)

DatastoreBackup:

Datastore Backup (backup and restore owned backups)

DatastorePowerUser:

Datastore PowerUser (backup, restore and prune owned backup)

DatastoreAudit:

Datastore Auditor

RemoteAudit:

Remote Auditor

RemoteAdmin:

Remote Administrator

RemoteSyncOperator:

Synchronization Operator

RemoteSyncPushOperator:

Synchronisation Operator (push direction)

RemoteDatastorePowerUser:

Remote Datastore Prune

RemoteDatastoreAdmin:

Remote Datastore Admin

TapeAudit:

Tape Auditor

TapeAdmin:

Tape Administrator

TapeOperator:

Tape Operator

TapeReader:

Tape Reader