6.8. Virtual Machines and Permissions
6.8.1. Managing System Permissions for a Virtual Machine
- Create, edit, and remove virtual machines.
- Run, suspend, shutdown, and stop virtual machines.
Note
6.8.2. Virtual Machines Administrator Roles Explained
Table 6.1. Red Hat Virtualization System Administrator Roles
Role | Privileges | Notes |
---|---|---|
DataCenterAdmin | Data Center Administrator | Possesses administrative permissions for all objects underneath a specific data center except for storage. |
ClusterAdmin | Cluster Administrator | Possesses administrative permissions for all objects underneath a specific cluster. |
NetworkAdmin | Network Administrator | Possesses administrative permissions for all operations on a specific logical network. Can configure and manage networks attached to virtual machines. To configure port mirroring on a virtual machine network, apply the NetworkAdmin role on the network and the UserVmManager role on the virtual machine. |
6.8.3. Virtual Machine User Roles Explained
Table 6.2. Red Hat Virtualization System User Roles
Role | Privileges | Notes |
---|---|---|
UserRole | Can access and use virtual machines and pools. | Can log in to the User Portal and use virtual machines and pools. |
PowerUserRole | Can create and manage virtual machines and templates. | Apply this role to a user for the whole environment with the Configure window, or for specific data centers or clusters. For example, if a PowerUserRole is applied on a data center level, the PowerUser can create virtual machines and templates in the data center. Having a PowerUserRole is equivalent to having the VmCreator, DiskCreator, and TemplateCreator roles. |
UserVmManager | System administrator of a virtual machine. | Can manage virtual machines and create and use snapshots. A user who creates a virtual machine in the User Portal is automatically assigned the UserVmManager role on the machine. |
UserTemplateBasedVm | Limited privileges to only use Templates. | Level of privilege to create a virtual machine by means of a template. |
VmCreator | Can create virtual machines in the User Portal. | This role is not applied to a specific virtual machine; apply this role to a user for the whole environment with the Configure window. When applying this role to a cluster, you must also apply the DiskCreator role on an entire data center, or on specific storage domains. |
VnicProfileUser | Logical network and network interface user for virtual machines. | If the Allow all users to use this Network option was selected when a logical network is created, VnicProfileUser permissions are assigned to all users for the logical network. Users can then attach or detach virtual machine network interfaces to or from the logical network. |
6.8.4. Assigning Virtual Machines to Users
- A User can connect to and use virtual machines. This role is suitable for desktop end users performing day-to-day tasks.
- A PowerUser can create virtual machines and view virtual resources. This role is suitable if you are an administrator or manager who needs to provide virtual resources for your employees.
- A UserVmManager can edit and remove virtual machines, assign user permissions, use snapshots and use templates. It is suitable if you need to make configuration changes to your virtual environment.
Procedure 6.9. Assigning Permissions to Users
- Click the Virtual Machines tab and select a virtual machine.
- Click the Permissions tab on the details pane.
- Click.
- Enter a name, or user name, or part thereof in the Search text box, and click . A list of possible matches display in the results list.
- Select the check box of the user to be assigned the permissions.
- Select UserRole from the Role to Assign drop-down list.
- Click.
Note
6.8.5. Removing Access to Virtual Machines from Users
Procedure 6.10. Removing Access to Virtual Machines from Users
- Click the Virtual Machines tab and select a virtual machine.
- Click the Permissions tab on the details pane.
- Click. A warning message displays, asking you to confirm removal of the selected permissions.
- To proceed, click. To abort, click .