12.3. Pools and Permissions
12.3.1. Managing System Permissions for a Virtual Machine Pool
As the SuperUser, the system administrator manages all aspects of the Administration Portal. More specific administrative roles can be assigned to other users. These restricted administrator roles are useful for granting a user administrative privileges that limit them to a specific resource. For example, a DataCenterAdmin role has administrator privileges only for the assigned data center with the exception of the storage for that data center, and a ClusterAdmin has administrator privileges only for the assigned cluster.
A virtual machine pool administrator is a system administration role for virtual machine pools in a data center. This role can be applied to specific virtual machine pools, to a data center, or to the whole virtualized environment; this is useful to allow different users to manage certain virtual machine pool resources.
The virtual machine pool administrator role permits the following actions:
- Create, edit, and remove pools.
- Add and detach virtual machines from the pool.
Note
You can only assign roles and permissions to existing users.
12.3.2. Virtual Machine Pool Administrator Roles Explained
Pool Permission Roles
The table below describes the administrator roles and privileges applicable to pool administration.
Table 12.5. Red Hat Enterprise Virtualization System Administrator Roles
| Role | Privileges | Notes |
|---|---|---|
| VmPoolAdmin | System Administrator role of a virtual pool. | Can create, delete, and configure a virtual pool, assign and remove virtual pool users, and perform basic operations on a virtual machine. |
| ClusterAdmin | Cluster Administrator | Can use, create, delete, manage all virtual machine pools in a specific cluster. |
12.3.3. Assigning an Administrator or User Role to a Resource
Summary
Assign administrator or user roles to resources to allow users to access or manage that resource.
Procedure 12.7. Assigning a Role to a Resource
- Use the resource tabs, tree mode, or the search function to find and select the resource in the results list.
- Click the tab of the details pane to list the assigned users, the user's role, and the inherited permissions for the selected resource.
- Click to open the Add Permission to User window.
- Enter the name or user name of an existing user into the Search text box and click . Select a user from the resulting list of possible matches.
- Select a role from the Role to Assign: drop-down menu.
- Click to assign the role and close the window.
Result
You have assigned a role to a user; the user now has the inherited permissions of that role enabled for that resource.
12.3.4. Removing an Administrator or User Role from a Resource
Summary
Remove an administrator or user role from a resource; the user loses the inherited permissions associated with the role for that resource.
Procedure 12.8. Removing a Role from a Resource
- Use the resource tabs, tree mode, or the search function to find and select the resource in the results list.
- Click the tab of the details pane to list the assigned users, the user's role, and the inherited permissions for the selected resource.
- Select the user to remove from the resource.
- Click . The Remove Permission window opens to confirm permissions removal.
- Click to remove the user role.
Result
You have removed the user's role, and the associated permissions, from the resource.