---
layout: page
title: proxmox_virtual_environment_acl
parent: Resources
subcategory: Virtual Environment
description: |-
  Manages ACLs on the Proxmox cluster.
  ACLs are used to control access to resources in the Proxmox cluster.
  Each ACL consists of a path, a user, group or token, a role, and a flag to allow propagation of permissions.
---

# Resource: proxmox_virtual_environment_acl

Manages ACLs on the Proxmox cluster.

ACLs are used to control access to resources in the Proxmox cluster.
Each ACL consists of a path, a user, group or token, a role, and a flag to allow propagation of permissions.

## Example Usage

```terraform
resource "proxmox_virtual_environment_user" "operations_automation" {
  comment  = "Managed by Terraform"
  password = "a-strong-password"
  user_id  = "operations-automation@pve"
}

resource "proxmox_virtual_environment_role" "operations_monitoring" {
  role_id = "operations-monitoring"

  privileges = [
    "VM.Monitor",
  ]
}

resource "proxmox_virtual_environment_acl" "operations_automation_monitoring" {
  user_id = proxmox_virtual_environment_user.operations_automation.user_id
  role_id = proxmox_virtual_environment_role.operations_monitoring.role_id

  path      = "/vms/1234"
  propagate = true
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `path` (String) Access control path
- `role_id` (String) The role to apply

### Optional

- `group_id` (String) The group the ACL should apply to (mutually exclusive with `token_id` and `user_id`)
- `propagate` (Boolean) Allow to propagate (inherit) permissions.
- `token_id` (String) The token the ACL should apply to (mutually exclusive with `group_id` and `user_id`)
- `user_id` (String) The user the ACL should apply to (mutually exclusive with `group_id` and `token_id`)

### Read-Only

- `id` (String) The unique identifier of this resource.

## Import

Import is supported using the following syntax:

```shell
#!/usr/bin/env sh
# ACL can be imported using its unique identifier, e.g.: {path}?entity_id={group|user@realm|user@realm!token}?role_id={role}
terraform import proxmox_virtual_environment_acl.operations_automation_monitoring /?entity_id=monitor@pve&role_id=operations-monitoring
```