Granular permissions on the Incus API

Hi

I’m building a container to do backups of persistent volumes. It needs the ability to create and read snapshots (and potentially delete them) but nothing else.

It looks like at the moment, API clients can be restricted at the project level, but there are no granular permissions over which actions they can perform.

Is this on the roadmap? What other alternatives do I have?

You can currently use OpenFGA to restrict users to specific instances: Authorization - Incus documentation

You can also write authorization scriptlets: Authorization - Incus documentation

Unrelated to the question, more so for the community: maybe I could add some graphical scriptlet management tools to Ararat to make this easier to access/configure. Curious on thoughts!


Ah thanks! Don’t know how I missed that part of the docs. I’ll take a stab with a scriptlet, hopefully that will be sufficient.