starred/cv4pve-admin
1
0
Fork 0
mirror of https://github.com/Corsinvest/cv4pve-admin.git synced 2026-04-25 04:45:59 +03:00
Code Issues 4 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #189] [Feedback]: Permissions BUG/Documentation missing/misplaced? #62

New issue
Open
opened 2026-02-26 17:37:05 +03:00 by kerem · 1 comment
kerem commented 2026-02-26 17:37:05 +03:00
Owner
Copy link

Originally created by @tastelessbrain on GitHub (Feb 24, 2026).
Original GitHub issue: https://github.com/Corsinvest/cv4pve-admin/issues/189

Edition

Community Edition (CE)

Version

2.0.0-rc5

Feedback Type

Improvement Suggestion

Description

So im not exatcly sure if it is a bug or i only stared at my screen for too long but here we go.
I need to adhere to least privileges to be allowed to use CV4PVE-Admin on our cluster.

First I cant seem to find the needed Token Privileges in the documentation of this repo.
So I dug through the documentation of the different corsinvest tools and createtd a TOKEN with the following privileges. (Screenshots for context where i found those.)

Assigned to Role:
AutomatedSnapshot

  • Sys.Audit
  • VM.Audit
  • Datastore.Audit
  • Pool.Audit
  • VM.Snapshot

Role assigned to API Token. Privilege separation active.

Now i want to add my Cluster in the web ui.
It works fine with user & pw auth and my admin user.
But for API Token Auth i get:
Permission check failed (/, Sys.Audit)
Should be self explainatory. But i have granted Sys.Audit at "/".

So my question is:

  1. What am I not missing?
  2. Which Privileges do I need to add.
  3. And could we have a docu section for which function needs which permissions?

Additional Context

Proxmox Role and API Token:
Image

Image Image

Found Documentation parts:
https://github.com/Corsinvest/cv4pve-autosnap?tab=readme-ov-file#required-permissions
https://github.com/Corsinvest/cv4pve-diag?tab=readme-ov-file#required-permissions

Logs form container:
2026-02-24 13:54:31.488 +01:00 [WRN] Request Get /cluster/status failed permanently: Forbidden - Permission check failed (/, Sys.Audit) <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.411 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.411 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.416 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.418 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.418 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.422 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.423 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.423 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.427 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.428 +01:00 [WRN] Request Get /cluster/status failed permanently: Forbidden - Permission check failed (/, Sys.Audit) <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.462 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.462 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.466 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.467 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.467 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.471 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.473 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.473 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.476 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.478 +01:00 [WRN] Request Get /cluster/status failed permanently: Forbidden - Permission check failed (/, Sys.Audit) <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry>

Originally created by @tastelessbrain on GitHub (Feb 24, 2026). Original GitHub issue: https://github.com/Corsinvest/cv4pve-admin/issues/189 ### Edition Community Edition (CE) ### Version 2.0.0-rc5 ### Feedback Type Improvement Suggestion ### Description So im not exatcly sure if it is a bug or i only stared at my screen for too long but here we go. I need to adhere to least privileges to be allowed to use CV4PVE-Admin on our cluster. First I cant seem to find the needed Token Privileges in the documentation of this repo. So I dug through the documentation of the different corsinvest tools and createtd a TOKEN with the following privileges. (Screenshots for context where i found those.) Assigned to Role: AutomatedSnapshot - Sys.Audit - VM.Audit - Datastore.Audit - Pool.Audit - VM.Snapshot Role assigned to API Token. Privilege separation active. Now i want to add my Cluster in the web ui. It works fine with user & pw auth and my admin user. But for API Token Auth i get: `Permission check failed (/, Sys.Audit)` Should be self explainatory. But i have granted Sys.Audit at "/". So my question is: 1. What am I not missing? 2. Which Privileges do I need to add. 3. And could we have a docu section for which function needs which permissions? ### Additional Context Proxmox Role and API Token: <img width="604" height="158" alt="Image" src="https://github.com/user-attachments/assets/333aba60-018d-457b-ba37-ca42eaa3f65b" /> <img width="1349" height="28" alt="Image" src="https://github.com/user-attachments/assets/eed0c86d-9d98-4ea6-9535-af7a3e8bca3d" /> <img width="608" height="207" alt="Image" src="https://github.com/user-attachments/assets/dc65f8c3-ee7d-44da-91a0-ca37f7f9e978" /> Found Documentation parts: https://github.com/Corsinvest/cv4pve-autosnap?tab=readme-ov-file#required-permissions https://github.com/Corsinvest/cv4pve-diag?tab=readme-ov-file#required-permissions Logs form container: `2026-02-24 13:54:31.488 +01:00 [WRN] Request Get /cluster/status failed permanently: Forbidden - Permission check failed (/, Sys.Audit) <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.411 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.411 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.416 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.418 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.418 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.422 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.423 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.423 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.427 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:28.428 +01:00 [WRN] Request Get /cluster/status failed permanently: Forbidden - Permission check failed (/, Sys.Audit) <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.462 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.462 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.466 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.467 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.467 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.471 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.473 +01:00 [WRN] Authentication error detected, attempting re-login... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.473 +01:00 [INF] Attempting re-authentication... <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.476 +01:00 [INF] Re-authentication completed successfully <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> 2026-02-24 14:07:36.478 +01:00 [WRN] Request Get /cluster/status failed permanently: Forbidden - Permission check failed (/, Sys.Audit) <s:Corsinvest.ProxmoxVE.Admin.Core.Clients.Pve.PveClientWithRetry> `
kerem commented 2026-02-26 17:37:05 +03:00
Author
Owner
Copy link

@franklupo commented on GitHub (Feb 24, 2026):

Thank you for the feedback!

The required Proxmox VE role for cv4pve-admin is PVEAdmin assigned at path /.

We are updating the documentation in the Getting Started guide to clarify this requirement. Using a subset of privileges (e.g. Sys.Audit alone) is not sufficient and will cause permission errors at runtime.

The documentation update will be included in the next release.

<!-- gh-comment-id:3953908906 --> @franklupo commented on GitHub (Feb 24, 2026): Thank you for the feedback! The required Proxmox VE role for cv4pve-admin is **`PVEAdmin`** assigned at path `/`. We are updating the documentation in the Getting Started guide to clarify this requirement. Using a subset of privileges (e.g. `Sys.Audit` alone) is not sufficient and will cause permission errors at runtime. The documentation update will be included in the next release.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
gh-pages
feat/vm-jolly-field
v2.0.0
v2.0.0-rc6
v2.0.0-rc5
v2.0.0-rc4
v2.0.0-rc3
v2.0.0-rc2
v2.0.0-rc1
v1.3.1
v1.3.0
v1.2.0
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v1.0.0-rc.3
v1.0.0-rc.2
v1.0.0-rc.1
v0.0.7-beta
v0.0.6-beta
v0.0.5-beta
v0.0.4-beta
v0.0.3-beta
v0.0.2-beta
v0.0.1-beta
Labels
Clear labels   
bug

   
bug

   
enhancement

   
feedback

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
bug
enhancement
feedback
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/cv4pve-admin#62
No description provided.