Proxmox 101: User Management (Study Case)

In a certain school, a computer class uses a Proxmox VE server for its virtual machine lab. The class is divided into 2 classes: class 1-A and class 1-B. Each class has 2 students.

The administrator needs to separate the classes so they cannot interfere with each other. There is only one teacher who teaches all classes, so the teacher needs access to every class's pool.

All users will be created in the Proxmox VE authentication server realm and do not have access to the Proxmox VE host machine.

A. List of Resources

Templates Resources (VM Templates)

VM templates need to be globally available resources so all students can use them without creating the same template multiple times. These templates have their own pool, which everyone can access.

Teacher Resources

Class-1A Resources

Class-1B Resources

B. Pools

There are 4 pools: one for VM templates, one for the teacher, one for the students of class-1A, and one for the students of class-1B.

C. Groups

There are three groups: one for the teacher and two for the student classes:

D. Users

In this case study, we have one teacher and 4 students:

A teacher can belong to multiple groups because they need to teach many classes, while a student can only belong to the one group they are in.

All users in this scenario are created using Proxmox VE server authentication, without two-factor authentication.

E. Roles

Teacher Role

The teacher has the role of user and VM administrator for the pools they are in:

Student Role

Students have privileges only to use VMs in their respective pool:

F. Permission

The teacher has access to all pools, while students only have access to their own class's pool and the templates pool:

G. Operational Test

Login as Guru Satu

As a teacher, Guru Satu can view and has administrator access to all VMs in every pool on this Proxmox VE node. But they have access to neither the PVE host machine nor the administrator menu:

Login as Siswa Satu

Siswa Satu can log in and has access to all VMs in pool class-1A, but cannot see VMs from other pools:

Login as Siswa Empat

Siswa Empat can log in and has access to VMs from class-1B, but cannot see VMs from other classes/pools:
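The login tests above check the separation by hand. As an added example (not part of the original post), the sketch below audits the same separation from the ACL entries, assuming the colon-separated `pool:` and `acl:` line layout of `/etc/pve/user.cfg`. Only the pool names class-1A and class-1B come from this article; the group names, the `templates` and `teacher` pool names, and the built-in roles in the sample are assumptions.

```python
# Constructed sample in the layout of /etc/pve/user.cfg. Only the pool names
# class-1A and class-1B come from the article; the group names, the other two
# pool names and the built-in roles used are assumptions.
SAMPLE_CFG = """\
group:teachers:guru1@pve::
group:class-1a:siswa1@pve,siswa2@pve::
group:class-1b:siswa3@pve,siswa4@pve::
pool:templates:::
pool:teacher:::
pool:class-1A:::
pool:class-1B:::
acl:1:/pool/templates:@teachers,@class-1a,@class-1b:PVETemplateUser:
acl:1:/pool/teacher:@teachers:PVEVMAdmin:
acl:1:/pool/class-1A:@teachers:PVEVMAdmin:
acl:1:/pool/class-1B:@teachers:PVEVMAdmin:
acl:1:/pool/class-1A:@class-1a:PVEVMUser:
acl:1:/pool/class-1B:@class-1b:PVEVMUser:
"""

# Intended matrix from section F: group -> pools it may reach.
EXPECTED = {
    "teachers": {"templates", "teacher", "class-1A", "class-1B"},
    "class-1a": {"templates", "class-1A"},
    "class-1b": {"templates", "class-1B"},
}

def pools_by_subject(cfg):
    """Map each ACL subject (group without '@', or user) to the pools it reaches."""
    rows = [line.split(":") for line in cfg.splitlines() if line.strip()]
    pools = {f[1] for f in rows if f[0] == "pool"}
    reach = {}
    for f in (r for r in rows if r[0] == "acl"):
        propagate, path = f[1] == "1", f[2].rstrip("/")
        if path.startswith("/pool/"):
            hit = {path[len("/pool/"):]} & pools
        elif path in ("", "/pool") and propagate:
            hit = set(pools)  # an ACL on / or /pool is inherited by every pool
        else:
            hit = set()
        for subject in f[3].split(","):
            reach.setdefault(subject.lstrip("@"), set()).update(hit)
    return reach

def audit(cfg, expected=EXPECTED):
    """Return sorted (subject, pool) grants that fall outside the intended matrix."""
    reach = pools_by_subject(cfg)
    return sorted((s, p) for s, ps in reach.items() for p in ps - expected.get(s, set()))

if __name__ == "__main__":
    print(audit(SAMPLE_CFG) or "no grants outside the intended matrix")
```

The check looks only at which pools an entry reaches, not at what the role allows, and it flags any grant made directly to a user because the design here assigns permissions through groups.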

Final Words

Thank you for reading up to here. This guide is meant to document my experience of creating and managing a small Proxmox VE server node with multiple users and roles.

Proxmox VE user management can get a bit messy and tricky. It also doesn't offer the most flexible and more complex setups. But it is fine for a small implementation.

This article is by no means perfect and complete. There are still a lot of things that can be improved later. See you another time.

Thank you.

This post is licensed under CC BY 4.0 by the author.