Role permissions                             Pool Admin   Pool Operator   VM Power Admin   VM Admin   VM Operator   Read Only
Connect to pool and read all pool metadata   X            X               X                X          X             X
Definitions of Permissions
The following table provides additional details about permissions:
Table 2. Definitions of permissions
Permission: Assign/modify roles
Allows Assignee To:
• Add/remove users
• Add/remove roles from users
• Enable and disable Active Directory integration (being joined to the domain)
Rationale/Comments: This permission lets the user grant himself or herself any permission or perform any task.
Warning: This role lets the user disable the Active Directory integration and all subjects added from Active Directory.

Permission: Log in to server consoles
Allows Assignee To:
• Server console access through ssh
• Server console access through XenCenter
Rationale/Comments: Warning: With access to a root shell, the assignee could arbitrarily reconfigure the entire system, including RBAC.

Permission: Server backup/restore VM create/destroy operations
Allows Assignee To:
• Back up and restore servers
• Back up and restore pool metadata
Rationale/Comments: The ability to restore a backup lets the assignee revert RBAC configuration changes.

Permission: Import/export OVF/OVA packages and disk images
Allows Assignee To:
• Import OVF and OVA packages
• Import disk images
• Export VMs as OVF/OVA packages

Permission: Log out active user connections
Allows Assignee To:
• Ability to disconnect logged in users

Permission: Create/dismiss alerts
Rationale/Comments: Warning: A user with this permission can dismiss alerts for the entire pool.
Note: The ability to view alerts is part of the Connect to Pool and read all pool metadata permission.

Permission: Cancel task of any user
Allows Assignee To:
• Cancel any user's running task
Rationale/Comments: This permission lets the user request XenServer cancel an in-progress task initiated by any user.