// Security & access// AD · RBAC

Proxmox permissions and Active Directory integration

Who can do what in your cluster? Proxmox has a rich role and permission model (RBAC), and you wire login up to Active Directory / LDAP — users sign in with corporate accounts and you control access through AD groups. It's convenience, security and a piece of IT governance auditors will appreciate.

// Table of Contents
  1. Users, groups, roles and path ACLs
  2. Sign in with a corporate account
  3. Access via groups, not accounts
  4. Governance, audit and lower risk
// 01 · The permission model

Users, groups, roles and path ACLs

Permissions in Proxmox combine three things: who (a user or group), which role (a set of privileges, e.g. PVEVMAdmin) and on what (a path: /, /vms/<id>, a resource pool, storage). You grant a permission as an ACL entry on a path — and it inherits down the tree.

ℹ️

Group resources into Pools (e.g. a "Dept-X" pool) and assign roles on the pool — rather than on individual VMs. Less clicking, fewer mistakes.

// 02 · The Active Directory realm

Sign in with a corporate account

Proxmox supports several authentication sources (realms): local PAM, built-in PVE and LDAP/Active Directory. You add an AD realm under Datacenter → Permissions → Realms, providing the server, domain (base DN) and a bind account to query the directory. From then on employees log in with their domain credentials — without creating separate Proxmox accounts.

// 03 · Mapping AD groups → roles

Access via groups, not accounts

The key to maintainable access: assign roles to groups, not individual people. Example: AD group Proxmox-Admins → role Administrator on /; group Dept-X-Operators → role PVEVMAdmin on the Dept-X pool. Granting/revoking access then comes down to changing AD membership — in one familiar place.

💡

Built-in roles (PVEVMAdmin, PVEDatastoreUser, PVEAuditor…) cover most cases. When needed, you create a custom role with exactly the privileges you choose.

// 04 · Why it matters for the organisation

Governance, audit and lower risk

We'll implement a secure access model

We'll design roles, pools and Active Directory integration following least-privilege and your compliance requirements.

⚡ Free consultation→ 2FA in Proxmox