11.4. Managing Groups

In the Virtuozzo security model, a group is a collection of user accounts and/or other groups with a defined set of access rights to certain scope resources. Using groups can simplify the administration of physical and virtual environments by assigning a common set of permissions and rights to several user accounts at once, rather than assigning permissions and rights to each account individually.

Virtuozzo Automator allows you to manage groups in one of the following ways:

  • view the groups currently registered in VA;
  • create a new group;
  • view group details;
  • edit the parameters of an existing group.

11.4.1. Viewing Groups

The groups currently registered in Virtuozzo Automator can be viewed on the Groups tab of the Security screen displayed by following the Security link on the Virtuozzo Automator menu. There are two subtabs on this screen allowing you to list the groups from two Virtuozzo databases (these databases are automatically created during the Virtuozzo Containers installation):

  • The Virtuozzo Internal subtab: this database contains VA-specific groups.
  • The System subtab: this database is fully identical to the system database of the Master Server Host OS. It contains the information on the groups registered in the Host OS and defines the rights these groups have in respect of the system administration. The content of the database can be changed within the Host OS.

The information on groups is presented in the table having the following columns:

Name Description
Icon The icon that serves as a signal that this object is a single user or a whole group: one figure stands for a user, two - stand for a group of users.
Name The name assigned to the group.
Description The group description.

By default, 20 groups are displayed on a page. To change the number of groups shown per page, click the appropriate link below the table. You can also filter the groups shown in the Groups table. To do that, click Show Search, enter search patterns in the search fields, and click Search. To change what search fields are displayed, click Customize. To have the full list of groups back, click Reset Results. To change the groups order in the table, click the corresponding column name.

On the Group tab you can:

  • Remove an existing group by selecting the check box near the corresponding group and clicking the Delete button. When deleting groups, please keep in mind that you cannot remove built-in groups (i.e. any of the groups displayed on the System subtab).
  • Create a new group by following the New Group link at the top of the Groups table.

11.4.2. Creating New Group

You can create a new group in Virtuozzo Automator on the New Group screen which can be accessed by following the Security link on the Virtuozzo Automator menu, clicking the Groups tab on the Security screen, and then clicking the New Group link on the subtab corresponding to the authentication database where you wish to create a group.

To create a new group, you should specify an arbitrary name to be assigned to the group in the Name field. You are also recommended to provide the group description in the Description field.

The Add User and Add Group buttons serve to fill the group being created with users and/or groups already existing in the given authentication database.

The Remove Selected button serves to delete selected users and groups from the list of included ones.

When you are ready, click the Submit button.

After the group has been successfully created, it is displayed in the Groups table on the Security screen. Please note that all new groups do not have any permissions assigned to them and, therefore, do not have access to the physical servers or any of their virtual environments.

11.4.3. Viewing Group Details

The Group screen allows you to view detailed information on a VA Group. To display this page, follow the Security link on the Virtuozzo Automator menu, click the Groups tab on the Security screen, and then click the name of the group whose details you wish to view in the Groups table.

The Group Details section provides the general information on the group - its name and description.

The information on users and/or groups included in the current group is presented in the Users and Groups table having the following columns:

Name Description
Icon The icon that serves as a signal that this object is a single user or a whole group: one figure stands for a user, two - stand for a group of users.
Login The name of the user or group.
Full Name The full name of the user.
E-Mail The user’s valid email address.
Description The description of the user or group.
Distinguished name The distinguished name assigned to the user and uniquely identifying this user among other users in the LDAP-compliant database. This column is relevant only for users from external authentication databases.

By default, 20 users and groups are displayed on a page. To change their number shown per page, click the appropriate link below the table. You can also filter the users and groups shown in the Users and Groups table. To do that, click Show Search, enter search patterns in the search fields, and click Search. To change what search fields are displayed, click Customize. To have the full list of users and groups back, click Reset Results. To change the users and groups order in the table, click the corresponding column name.

If you want to change the name and description of the group, click the Configure icon on the toolbar (available only for modifiable databases, like the Virtuozzo internal one).

11.4.4. Configuring Group Parameters

You can edit the properties of an existing group on the Configure screen which can be accessed by following the Security link on the Virtuozzo Automator menu, clicking the Groups tab on the Security screen, clicking the name of the group whose parameters you wish to configure in the Groups table, and, in the displayed window, clicking the Configure button on the upper toolbar.

The Configure screen allows you to edit the following group parameters:

  • Change the name of the group by typing the desired name in the Name field.
  • Modify the group description by providing the desired information in the Description field.
  • Define what users and/or groups from the given authentication database should be included in the group with the help of the Add User, Add Group, and Remove Selected buttons.