11.7. Managing User/Group Permissions

Role-based access control in Virtuozzo Automator (VA) works by granting a user, or several users within the same group, access to a physical server or its virtual environments. The user can then log in to that physical server or virtual environment by means of Virtuozzo Automator and perform a number of operations on it in accordance with the rights and permissions assigned to the user (or group). In the VA security model, any user/group is therefore characterized by the permissions derived from the roles assigned to it, and these permissions allow the user/group to complete certain tasks in the physical server/virtual environment context.

11.7.1. Managing Physical Server Permissions

11.7.1.1. Viewing Physical Server Permissions

You can view the permissions of a user (group) to perform certain operations in the physical server context on the Security tab of the physical server. The Permissions table on this tab displays all the permissions that currently exist for the physical server. The information on permissions is presented in the following columns:

Column                   Description
User or Group            The user/group possessing the given permission.
Assigned Role            The role assigned to the user/group and defining the set of privileges for this user/group.
Authentication Database  The name of the authentication database the user/group belongs to.

By default, 20 permissions are displayed on a page. To change the number of permissions shown per page, click the appropriate link below the table. You can also filter the permissions shown in the Permissions table. To do that, click Show Search, enter search patterns in the search fields, and click Search. To change which search fields are displayed, click Customize. To restore the full list of permissions, click Reset Results. To change the order of permissions in the table, click the corresponding column name.

On the Permissions tab you can:

  • Remove an existing permission by selecting the check box near the corresponding user and clicking the Delete button.
  • Create a new permission by following the New Permission link at the top of the Users table.

11.7.1.2. Creating Physical Server Permissions

The New Permission screen allows you to assign roles to users/groups, thereby giving these users/groups certain rights on the physical server. To access this screen, click New Permission on the Security tab of the physical server. To create a new permission, do the following:

  1. In the Assigned Roles table, select the role you wish to assign to the user/group and click the >> button.
  2. Specify the user(s)/group(s) in the Users and Groups table. To do this:
    • click the Add User/Add Group button;
    • in the displayed window, select the check box near the user/group you wish to assign the selected role to;
    • click Add Selected.
  3. Click the Save button.

After a while, the newly created permission will be displayed in the table on the Permission tab of the Security screen.

11.7.2. Managing Container Permissions

11.7.2.1. Viewing Container Permissions

You can view the permissions of a user (group) to perform certain operations in the container context on the Security tab of the container. The Permissions table on this tab displays all the permissions that currently exist for the given container. For more information, see Viewing Physical Server Permissions.

11.7.2.2. Creating Container Permissions

The New Permission screen allows you to assign roles to users/groups, thereby giving these users/groups certain rights on the given container. To access this screen, click New Permission on the Security tab of the container. For more information, see Creating Physical Server Permissions.

11.7.3. Managing Virtual Machine Permissions

11.7.3.1. Viewing Virtual Machine Permissions

You can view the permissions of a user (group) to perform certain operations in the virtual machine context on the Security tab of the virtual machine. The Permissions table on this tab displays all the permissions that currently exist for the given virtual machine. For more information, see Viewing Physical Server Permissions.

11.7.3.2. Creating Virtual Machine Permissions

The Add Permission screen allows you to assign roles to users or groups, thereby giving these users or groups certain rights on the virtual machine. To access this screen, click New Permission on the Security tab of the virtual machine. For more information, see Creating Physical Server Permissions.

11.7.4. Managing Server Group Permissions

11.7.4.1. Viewing Server Group Permissions

The permissions that allow a user (group) to perform certain operations on all physical servers included in the Server Group are shown on the Global Permissions tab of the Security window. To open this window, follow the Security link on the Virtuozzo Automator main menu. The Permissions table on this tab displays all the permissions that currently exist for the Server Group. For more information, see Viewing Physical Server Permissions.

Note

If you have one physical server registered in Virtuozzo Automator, the Permissions table will display the permissions for this physical server only.

11.7.4.2. Creating Server Group Permissions

The New Permission screen allows you to assign roles to users/groups, thereby giving these users/groups certain rights to manage all the physical servers included in the Server Group and all their virtual environments. To access this screen, follow the Security link on the Virtuozzo Automator main menu, click the Global Permissions tab on the Security screen, and click New Permission on this tab. For more information, see Creating Physical Server Permissions.

11.7.5. Managing Logical Unit Permissions

11.7.5.1. Viewing Logical Unit Permissions

The permissions that allow a user (group) to perform certain operations on all physical servers and virtual environments included in the given logical unit are shown on the Permissions tab of the Logical View window. To open this window, follow the Logical View link on the Virtuozzo Automator main menu. The Permissions table on this tab displays all the permissions that currently exist for this logical unit. For more information, see Viewing Physical Server Permissions.

11.7.5.2. Creating Logical Unit Permissions

The New Permission screen allows you to assign roles to users/groups, thereby giving these users/groups certain rights to manage all the physical servers and virtual environments included in the given logical unit. To access this screen, follow the Logical View link on the Virtuozzo Automator main menu, click the Permissions tab on the Logical View screen, and click New Permission on this tab. For more information, see Creating Physical Server Permissions.
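
Because permissions can be created at several scopes (Server Group, logical unit, and the individual physical server, container or virtual machine), an access review has to combine the Permissions tables to see who can act on one object. The following sketch is an added example, not Virtuozzo Automator code or its API: the object names, role names, authentication database names and row layout are constructed, and rows are assumed to be transcribed by hand from the Permissions tables. Whether a physical server permission also reaches the virtual environments hosted on that server is not stated in this section, so it is not modelled.

```python
from collections import defaultdict

# Constructed inventory: managed objects and the members of each logical unit.
OBJECTS = {"node1": "physical_server", "node2": "physical_server",
           "ct101": "container", "vm-db": "virtual_machine"}
LOGICAL_UNITS = {"billing": {"ct101", "node1"}}

# Constructed rows: (scope, target, user or group, assigned role, authentication database)
PERMISSIONS = [
    ("server_group", None, "admins", "role-full", "System"),
    ("physical_server", "node1", "alice", "role-operate", "System"),
    ("container", "ct101", "bob", "role-operate", "ldap.example"),
    ("logical_unit", "billing", "alice", "role-view", "ldap.example"),
    ("logical_unit", "billing", "auditors", "role-view", "ldap.example"),
]

def applies(scope, target, obj):
    """True if a permission row at (scope, target) covers the object obj."""
    if scope == "server_group":
        return True  # all physical servers and all their virtual environments
    if scope == "logical_unit":
        return obj in LOGICAL_UNITS.get(target, set())  # objects included in the unit
    return target == obj and OBJECTS.get(obj) == scope  # the object's own Security tab

def effective_permissions(obj):
    """Map (user or group, authentication database) -> [(role, granting scope)]."""
    if obj not in OBJECTS:
        raise KeyError(f"unknown object: {obj}")
    result = defaultdict(list)
    for scope, target, principal, role, auth_db in PERMISSIONS:
        if applies(scope, target, obj):
            result[(principal, auth_db)].append((role, scope))
    return {key: sorted(grants) for key, grants in result.items()}

def name_collisions(obj):
    """Names holding rights on obj from more than one authentication database."""
    databases = defaultdict(set)
    for principal, auth_db in effective_permissions(obj):
        databases[principal].add(auth_db)
    return {name: sorted(dbs) for name, dbs in databases.items() if len(dbs) > 1}

if __name__ == "__main__":
    for who, grants in sorted(effective_permissions("node1").items()):
        print(who, grants)
    print("collisions:", name_collisions("node1"))
```

The review keys each entry on both the User or Group and the Authentication Database columns, since the same name in two databases refers to two different accounts.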