Am 16/11/2022 um 09:47 schrieb Dominik Csapak: >> I am not sure the second sentence is necessary, or rather, wouldn't it be >> better >> to make the two lists mutually exclusive? e.g., by removing privileged tags >> from >> the other list? > > i don't really want to auto remove stuff from one option when set on another. > maybe it'd make more sense if we don't allow setting and admin tag when > it's already set in the 'user-allow-list' and vice versa? then > there cannot be a situation where a tag is in both lists at the same time? >
Limits use cases, as we'll only ever allow priv'd tags to be used for things like backup job guest-source selection, and there may be scenarios where an admin wants to allow the user to set a specific privileged tags in the VMs they control. To make that work we'd: - explicitly allow such listed tags for "normal" VM users even if they're in the privileged-tags (that's why I used the term "registered" in previous comments, might be better suited if we deem that privileged is then confusing) - highlight the fact if a tag is in both _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
