General Question
-
Just an off the wall question to see if someone has something similar or some similar ideas.
Would it be possible to have Xen Orchestra public facing, and set up to give, let's say, customers permissions only to their VMs/servers?
Looking to see if this would be a good setup for host cloud hosting providers have this setup, but in a small capacity. Less than 20 users, maybe 40 VMs total.
-
@Schmarvin yes you could absolutely do this, the existing permissions system would likely suffice as you can set each user with access to only their VMs.
The permissions though are Viewer, Operator and Admin.
With Admin a user could mistakenly delete their VM (through stupidity or otherwise).
-
Yes, absolutely. ACLs or self-service could do the trick. Don't forget to enable 2FA (e.g. via OTP or SAML or OIDC provider) to be sure no brute force would work.
-
Awesome, thanks for the assistance. It works! Though, noted an issue. Might be user error, meaning me. But, when setting the user to "User" instead of "Admin" they can't change their password. Says "not enough permissions"
Is there a way to fix it where they can still change their password?
-
@Schmarvin said in General Question:
Awesome, thanks for the assistance. It works! Though, noted an issue. Might be user error, meaning me. But, when setting the user to "User" instead of "Admin" they can't change their password. Says "not enough permissions"
Is there a way to fix it where they can still change their password?
I can't say I've ever tried this, I assume you mean when you set a user with Viewer permissions they don't have enough permissions to reset their own password?
-
Under users, I only have "User" and "Admin" for permissions.
Setting as user, they can't change the password or set up OTP.
-
@Schmarvin said in General Question:
Under users, I only have "User" and "Admin" for permissions.
Setting as user, they can't change the password or set up OTP.
Would be better to ask @olivierlambert to tag someone who's dev'd on the project.
-
Currently there are 2 general types of users: admins (with all permissions, we could have named them "superadmins") and users, with nothing by default. Once logged in, a user doesn't have any permission on any object, but they could log in with OTP or whatnot.
-
Is there a way to add another permission group? So that they could have select permissions?
-
Yes, you can create a group and provide ACLs on the group (IIRC). So all users in the group will have the same permissions.