2015-11-11 19:00:28 +01:00
|
|
|
# ACLs
|
|
|
|
|
|
2018-05-22 17:02:22 -04:00
|
|
|
> ACLs are permissions that apply to pre-existing objects. Only a super admin (XO administrator) can create objects.
|
2016-10-27 10:01:34 +02:00
|
|
|
|
2018-05-22 17:02:22 -04:00
|
|
|
ACLs are the permissions for your users or groups. The ACLs view can be accessed in the "Settings" panel.
|
2015-11-11 19:00:44 +01:00
|
|
|
|
2018-05-22 17:02:22 -04:00
|
|
|
1. Select the user or group you want to apply permissions on
|
2015-11-11 19:00:44 +01:00
|
|
|
2. Select the object on which the permission will apply
|
|
|
|
|
3. Choose the role for this ACL
|
|
|
|
|
4. Click on "Create"
|
|
|
|
|
|
2016-07-06 15:00:34 +02:00
|
|
|
|
2015-11-11 19:00:44 +01:00
|
|
|
|
|
|
|
|
> Pro tip: you can click to add multiple objects at the same time!
|
|
|
|
|
|
|
|
|
|
Your ACL is now available in the right list:
|
|
|
|
|
|
2016-07-06 15:00:34 +02:00
|
|
|
|
2015-11-11 19:00:44 +01:00
|
|
|
|
|
|
|
|
You can edit/remove existing ACLs here.
|
|
|
|
|
|
|
|
|
|
## Roles
|
|
|
|
|
|
2018-05-22 17:02:22 -04:00
|
|
|
There are 3 different roles for your users:
|
2015-11-11 19:00:44 +01:00
|
|
|
|
|
|
|
|
* Admin
|
|
|
|
|
* Operator
|
|
|
|
|
* Viewer
|
|
|
|
|
|
|
|
|
|
### Admin
|
|
|
|
|
|
|
|
|
|
An object admin can do everything on it, even destroy it. E.g with its admin VM:
|
|
|
|
|
|
|
|
|
|
* remove it
|
|
|
|
|
* migrate it (to a host with admin permission on it)
|
|
|
|
|
* modify the VM resources, name and description
|
|
|
|
|
* clone it
|
|
|
|
|
* copy it
|
|
|
|
|
* convert it into a template
|
|
|
|
|
* snapshot it (even revert from a snapshot)
|
|
|
|
|
* export it
|
|
|
|
|
* attach/add visible disks
|
|
|
|
|
* same for network cards
|
|
|
|
|
|
|
|
|
|
### Operator
|
|
|
|
|
|
|
|
|
|
An operator can make everyday operations on assigned objects. E.g on a VM:
|
|
|
|
|
|
|
|
|
|
* eject a CD
|
|
|
|
|
* insert a CD (if he can view the ISO storage repository)
|
|
|
|
|
* start, restart, shutdown, suspend/resume it
|
|
|
|
|
|
|
|
|
|
All other operations are forbidden.
|
|
|
|
|
|
|
|
|
|
### Viewer
|
|
|
|
|
|
2016-09-12 18:03:54 +02:00
|
|
|
A viewer can only see the VM state and its metrics. That's all!
|
2015-11-11 19:00:44 +01:00
|
|
|
|
|
|
|
|
## Inheritance
|
|
|
|
|
|
|
|
|
|
Objects have a hierarchy: a Pool contains all its hosts, containing itself all its VMs.
|
|
|
|
|
|
|
|
|
|
If you give a *view* permission to a user (or a group) on a pool, he will automatically see all the objects inside this pool (SRs, hosts, VMs).
|
|
|
|
|
|
|
|
|
|
## Examples
|
|
|
|
|
|
|
|
|
|
### Allow a user to install an OS
|
|
|
|
|
|
2018-05-22 17:02:22 -04:00
|
|
|
If the OS install needs an ISO, you need to give this user 2 permissions:
|
2015-11-11 19:00:44 +01:00
|
|
|
|
|
|
|
|
* *Operate* on the VM (e.g to start it)
|
|
|
|
|
* *View* on the ISO Storage containing the needed ISO.
|
