Skip to Content

Access matrix

Cloudmox - Permissions matrix (current capabilities)

Below are the roles within Cloudmox.

The ones with the red header are Cloudmox admins. Never assign one of these roles to a Tenant unless that Tenant runs a dedicated Cloudmox instance.

The ones with the green header are Tenant users. Typically, a Tenant admin can create users, assign resource pools (but never bigger than the pools an Cloudmox admin assigned to the Tenant).

If a user from a Tenant has no rights to do something, you can always grant them rights. Go to the user in Cloudmox, goto permissions and select the allowed actions.

Capability Cloudmox super admin System Auditor Cloudmox Admin Multi-tenant admin Tenant admin Profile admin Profile user Tenant user Tenant Auditor
View VMs and metrics S L S T T T P R L
Console (noVNC) S L S T T T P R L
Power on/off/reboot S L S T T T P R L
Edit specs / reinstall / ISO S L S T T T P R L
Snapshots and backups S L S T T T P R L
Create VM / clone / LXC S L S T T T P R L
Delete VPS S L S T T X X X L
Change resources (resize) S L S T T T P R L
Comparative dashboard S L S T T X X X L
Users (create / edit) S L S T T T X X L
Groups S L S T T T X X L
Simple resource profile (CPU/Mem/Storage/ limits only) S L S T T T X X
Permissions (grants) S L S T T X X X L
Resource profiles & pools S L S(only pools) T (only pools) T X X X L
White label per tenant S L S T T X X X L
SMTP per tenant S L S T T X X X L
Impersonate user S L S T T X X X L
Logs / audit S L S T T X X X X
Clusters / connect Proxmox S L X X X X X X X
Complete resource profile S
S X X X X X X
Default resource profile S
X X X X X X X
General, License, global SMTP S L X X X X X X X

Legend
S Full access – all tenants
T Only the tenants they administer
P Only within the assigned pool and quotas
R Rights must be set per cluster/node/vm and only within assigned pools and quotas
L Read-only
x No access