In **Proxmox VE**, you can create users and assign **fine-grained permissions** using roles and **Access Control Lists (ACLs)**. Here’s how to:
—
## ✅ 1. **Create a New User (UI-Only)**
This user won’t have shell access—just Proxmox web UI access.
### 🔧 Steps:
1. Go to **Datacenter → Permissions → Users**
2. Click **”Add”** ➝ Fill in:
– **User ID**: e.g., `alice`
– **Realm**: `PVE` (this creates a Proxmox-only user)
– **Password**: Set a password
> ✅ Now `alice@pve` can log into the Proxmox web UI.
—
## 🛠️ 2. **Grant Admin Rights to One Node**
You’ll now assign admin rights, **but only on a specific node**.
### 🪪 Steps:
1. Go to **Datacenter → Permissions**
2. Click **”Add”**
– **Path**: `/nodes/<node-name>` (e.g., `/nodes/pve1`)
– **User**: `alice@pve`
– **Role**: `Administrator`
> 🔐 This gives `alice@pve` full control **only over that node**. They won’t see other nodes or unrelated VMs.
—
## 🔒 3. **Create a User with Access to a Specific VM**
Let’s say you want `bob@pve` to only manage `VM 100`.
Create the User:
1. Go to **Datacenter → Permissions → Users**
2. Add user:
– User ID: `bob`
– Realm: `PVE`
– Password: (set one)
### 🗂️ Assign Permission to the VM:
1. Go to **Datacenter → Permissions**
2. Click **”Add”**
– **Path**: `/vms/100`
– **User**: `bob@pve`
– **Role**: Choose based on need:
– `PVEVMAdmin`: Full VM control (start, stop, console, etc.)
– `PVEVMUser`: Limited control (start/stop only, no config)
> 🔐 `bob@pve` can only interact with **VM 100**, nothing else.
—
## 🧠 Tips:
– Users won’t see things they don’t have access to.
– You can test user access by logging into the web UI as them.
– Use **Groups** if you want to assign roles to multiple users at once.