Mark Laing
Mark Laing
All working fine for fine-grained identities. ``` mark@RUBIX:~$ lxc auth group create my-group mark@RUBIX:~$ lxc auth group permission add my-group project default can_view_operations mark@RUBIX:~$ lxc auth identity create tls/mark --group...
Thanks for reporting @mas-who. @tomponline yes this is a bug, we've documented that `admin` on `server` should grant the equivalent of unix socket access. The reason for this is that...
@tomponline rebased and ready for review
> > When performing an action on a single storage volume, we need to perform the following checks: > > ``` > > 1. Is the pool containing the volume...
@tomponline summarising here my remarks about this PR in the core daily stand up: As far as fine-grained auth is concerned, we can call `CheckPermission` on a URL if that...
@tomponline have updated this to address your comments. Ready for review when you have some time. Thanks.
> Please can you rebase this Yep done.
> @markylaing does #13962 supersede this? It's related but a solution to #13962 might not solve this. We need to decide who should be able to see these background operations....
Closed by #15991
@edlerd if you're using an unrestricted certificate, are connecting via unix, or are a fine-grained TLS identity in a group with the `can_override_cluster_target_restriction` entitlement on `server`, then the cluster target...