Proxmox Read Only User for API access

Read Only User

Read only users are an important feature for Proxmox if you want to integrate with other systems for monitoring purposes.

A read only user can allow for access to a Proxmox cluster without the ability to implement changes - this post shows how to do this.

Under “Datacenter” go to “Users” and click “Add”.

Enter the user name and password, and select the Realm - Proxmox VE authentication will include the entire cluster.

Next, go to “Permissions” and select “Add->User Permission”.

To give the user access to the entire cluster, select the root path ("/"), select the username@realm and the role of “PVEAuditor” to grant the user read only permissions. You can now test the user login if you wish.

To configure API permissions, select “API Tokens” under permissions, and click “Add”.

Select the username and create a token ID - this is simply a string so can be randomised or more meaningful.

Note that leaving the “Privilege Separation” option checked requires that the API token must be granted access separately from the user - uncheck the box to use the users permissions (PVE Auditor access to the root of the cluster in this example).

Finally, you will be shown a token ID and secret - record these, and use them with whichever script or software requires API access to your Proxmox cluster.

A demonstration of the setup process and API access can be found here: