Definitions of Rbac roles and permissions | Citrix Systems 5.6

A user's role can be changed in two ways:

1.Modify the subject -> role mapping (this requires the assign/modify role permission, only available to a Pool Administrator.)

2.Modify the user's containing group membership in Active Directory.

Definitions of RBAC roles and permissions

The following table summarizes which permissions are available for each role. For details on the operations available for each permission, see Definitions of permissions.

Table 1. Permissions available for each role

	Role	Pool Admin	Pool	VM Power	VM Admin	VM	Read Only
	Role	Pool Admin	Pool	VM Power	VM Admin	VM	Read Only
	permissions		Operator	Admin		Operator

	Assign/	X
	modify roles

	Log in to	X
	(physical)
	server
	consoles
	(through
	SSH and
	XenCenter)

	Server	X
	backup/
	restore

	Log out	X	X
	active user
	connections

	Create and	X	X
	dismiss
	alerts

	Cancel task	X	X
	of any user

	Pool	X	X
	management

	VM	X	X	X
	advanced
	operations

	VM create/	X	X	X	X
	destroy
	operations

9

Image 29

Citrix Systems 5.6 manual Definitions of Rbac roles and permissions, Users role can be changed in two ways

Contents

Citrix XenServer 5.6 Administrators Guide Trademarks Managing users Table of Contents Storage ISO NFS VHD Configuring VM memory Viii Workload Balancing Page Page Backup and recovery 123 Monitoring and managing XenServer 136 Xiv Page Xvi Xvii Xviii Xix Index 214 How this Guide relates to other documentation Document Overview Managing users Authenticating users using Active Directory AD Upgrading from XenServer Configuring Active Directory authentication Enabling external authentication on a pool Disabling external authentication User authenticationAllowing a user access to XenServer using the CLI Removing access for a user using the CLI Listing subjects with access Removing access for a userTerminating all authenticated sessions using xe Terminating individual user sessions using xe Role Based Access Control Rbac process Roles Permissions available for each role Definitions of Rbac roles and permissionsUsers role can be changed in two ways WLB Definitions of permissions Permission Allows Assignee To Rationale/Comments Definitions of permissions Permission Allows Assignee To Rationale/Comments Permission Allows Assignee To Rationale/Comments To list all the available defined roles in XenServer Working with Rbac using the xe CLI To display a list of current subjects To assign an Rbac role to a created subject Run the command xe subject-add subject-name=AD user/groupTo add a subject to Rbac Auditing Audit log xe CLI commandsTo change a subjects Rbac role To obtain all audit records from the pool How does XenServer compute the roles for the session? Requirements for creating resource pools Hosts and resource pools overview Naming a resource pool Creating a resource pool Adding shared storage Creating heterogeneous resource pools Removing a XenServer host from a resource pool Adding NFS shared storage to a resource pool using the CLITo remove a host from a resource pool using the CLI HA Overview High AvailabilityOvercommitting Overcommitment Warning Restart priorities Configuration Requirements Enabling HA on a XenServer pool Enabling HA using the CLI Recovering an unreachable host Removing HA protection from a VM using the CLIShutting down a host when HA is enabled Shutting down a VM when it is protected by HA Using the CLI to Manage Host Power On Host Power OnPowering on hosts remotely Key/Value Pairs To enable Host Power On using the CLITo turn on hosts remotely using the CLI Possible values Sample Script Storage Repositories SRs Storage OverviewVirtual Disk Images VDIs Physical Block Devices PBDs Virtual Disk Data Formats Virtual Block Devices VBDsSummary of Storage objects VHD Chain Coalescing VHD-based VDIs LUN-based VDIs Storage configurationCreating Storage Repositories Upgrading LVM storage from XenServer 5.0 or earlier Creating a raw virtual disk using the xe CLILVM performance considerations VDI types Probing an SR Converting between VDI formats Following parameters can be probed for each SR type Page Storage Multipathing To enable storage multipathing using the xe CLI Storage Repository Types Local EXT3 VHD Local LVMCreating a local LVM SR lvm Creating a local EXT3 SR ext Creating a shared EqualLogic SR UdevEqualLogic Parameter Name Description Optional? NetApp Creating a VDI using the CLI Aggregates FlexVols Thick or thin provisioning Access ControlFAS Deduplication Licenses Creating a shared NetApp SR over iSCSI Taking VDI snapshots with a NetApp SR Software iSCSI SupportManaging VDIs in a NetApp SR Managing Hardware Host Bus Adapters HBAs XenServer Host iSCSI configurationSample QLogic iSCSI HBA setup Removing HBA-based SAS, FC or iSCSI device entries LVM over iSCSI Parameter Name Description Optional? Hitachi NFS VHD Creating a shared NFS SR nfs LVM over hardware HBA Creating a shared StorageLink SR Citrix StorageLink Gateway Cslg SRs Parameter name Description Optional? To create a Cslg SR Page Managing Storage Repositories Introducing an SR Destroying or forgetting a SR Converting local Fibre Channel SRs to shared SRs Resizing an SRMoving Virtual Disk Images VDIs between SRs Copying all of a VMs VDIs to a different SR Adjusting the disk IO scheduler Virtual disk QoS settings Possible values of qosalgorithmparamsched are Concept of dynamic range What is Dynamic Memory Control DMC? How does DMC Work? Concept of static rangeDMC Behaviour Supported operating systems Memory constraints Display the dynamic memory properties of a VM Xe CLI commandsDisplay the static memory properties of a VM Updating memory properties Workload Balancing interaction Upgrade issuesUpdate individual memory properties XenServer networking overview Networking Using VLANs with virtual machines Using VLANs with host management interfacesNetwork objects Networks NIC bonds Using VLANs with dedicated storage NICs Creating networks in a standalone server Managing networking configurationInitial networking configuration To connect a network to an external Vlan using the CLI To add a new network using the CLICreating networks in resource pools Creating VLANs Bonding two NICs together Creating NIC bonds on a standalone hostCreating a NIC bond on a dual-NIC host Reverting NIC bonds Creating NIC bonds in resource poolsControlling the MAC address of the bond Adding NIC bonds to new resource pools Adding NIC bonds to an existing pool To add NIC bonds to the pool master and other hosts Controlling Quality of Service QoS Configuring a dedicated storage NICChanging networking configuration options To assign NIC functions using the xe CLI Changing IP address configuration in resource pools Changing IP address configuration for a standalone hostHostname DNS servers To change the IP address of a pool master host Disabling management accessManagement interface To change the NIC used for the management interface Adding a new physical NIC NIC/PIF ordering in resource poolsVerifying NIC ordering Re-ordering NICs Diagnosing network corruption Networking Troubleshooting Recovering from a bad network configuration Whats New? New Features Changes Workload Balancing Overview Workload Balancing Basic Concepts Workload Balancing Installation Overview Supported XenServer Versions Workload Balancing System RequirementsSupported Operating Systems Recommended Hardware Workload Balancing Data Store Requirements SQL Server Database Authentication Requirements Operating System Language Support Preinstallation Considerations WLB Access Control Permissions Installing Workload Balancing To install Workload Balancing server To verify your Workload Balancing installation Upgrading Workload Balancing Configuring Firewalls Upgrading Workload Balancing on the Same Operating System Initializing Workload BalancingUpgrading SQL Server Upgrading Workload Balancing and the Operating System To initialize Workload Balancing Authorization for Workload Balancing Configuring Antivirus Software Configuring Workload Balancing Settings Adjusting the Optimization Mode To display the Workload Balancing Configuration dialog boxFixed Scheduled To edit or delete an automatic optimization interval Optimizing and Managing Power AutomaticallyTo set an optimization mode for all time periods Accepting Optimization Recommendations Automatically Enabling Workload Balancing Power Management 102 To apply optimization recommendations automatically To select servers for power managementChanging the Critical Thresholds To change the critical thresholds Tuning Metric WeightingsDefault Settings for Critical Thresholds Excluding Hosts from Recommendations To edit metric weighting factors VM Optimization Criteria Historical Data Storage Time Number of Times an Optimization Recommendation is Made To configure VM Recommendation intervals To resume a virtual machine on the optimal server To start a virtual machine on the optimal server To accept an optimization recommendation Administering Workload BalancingAccepting Optimization Recommendations Disabling Workload Balancing Reconfiguring a Pool to Use Another WLB Server Updating Workload Balancing Credentials Click Update Credentials Customizing Workload Balancing Entering Maintenance Mode with Workload Balancing EnabledUninstalling Workload Balancing Working with Workload Balancing Reports To enter maintenance mode with Workload Balancing enabledIntroduction Subscribing to Workload Balancing Reports Generating and Managing Workload Balancing Reports Using Workload Balancing Reports for TasksTo generate a Workload Balancing report To subscribe to a Workload Balancing report Report Toolbar Buttons To cancel a report subscriptionTo navigate in a Workload Balancing Report Displaying Workload Balancing Reports Report Generation FeaturesTo print a Workload Balancing report Toolbar Buttons Host Health History Workload Balancing Report Glossary Pool Audit Log History Pool Optimization Performance History Audit Log Event Names Pool Health Pool Optimization History Pool Health History Virtual Machine Performance History Virtual Machine Motion History To backup pool metadata BackupsTo backup host configuration and software To backup a VM Backup and restore using xsconsole Full metadata backup and disaster recovery DRDR and metadata backup overview Moving SRs between hosts and Pools VM Snapshots Using Portable SRs for Manual Multi-Site Disaster Recovery Quiesced Snapshots Regular SnapshotsSnapshots with memory Creating a VM Snapshot To list the snapshots on a particular VM Creating a snapshot with memoryTo list all of the snapshots on a XenServer pool Deleting a snapshot Restoring a VM to its previous state Creating a template from a snapshot Snapshot Templates Advanced Notes for Quiesced Snapshots Exporting a snapshot to a template 132 Master failures Coping with machine failuresMember failures Physical Machine failure Coping with Failure due to Configuration ErrorsPool failures To restore a VM when VM storage is not available To restore a pool with all hosts failed Alerts Monitoring and managing XenServer Valid VM Elements Customizing Alerts Valid Host Elements Configuring Email Alerts Custom Searches Custom Fields and TagsDetermining throughput of physical bus adapters To determine PBD throughput To write logs to a remote server XenServer host logsSending host log messages to a central server Userprofile%\AppData\Citrix\XenCenter\logs\XenCenter.log XenCenter logs Basic xe syntax Xe command-name argument=value argument=value Special characters and syntax Class-list Command types Class-param-list uuid=uuid Low-level param commandsParameter types Low-level list commands Bonding commands Xe command referenceBond parameters Bond-create CD parameters CD commands Console parameters Console commandsCd-list Cd-listparams=param1,param2,... parameter=parametervalue Event-wait Event commandsEvent classes Host parameters Host XenServer host commandsHost selectors Parameter Name Description Type Syslogdestination Host-backupfile-name=backupfilenamehost=hostname Host-backup Host-emergency-management-reconfigure Host-disableHost-bugreport-upload Host-crashdump-destroy Host-evacuate Host-enableHost-forget Host-get-system-status Attribute Description Host-get-system-status-capabilities Host-apply-edition Host-is-in-emergency-modeLicense-server-address License-server-port Host-management-reconfigure Host-management-disableHost-license-view Host-logs-download Host-set-power-on Host-power-onHost-reboot Host-restore Log commands Message parameters Message commandsMessage-create Message-list Network parameters Network commandsSubnet/netmask/gateway 192.168.0.4 Patch parameters Patch update commandsNetwork-create Network-destroy PBD parameters PBD commands Pbd-create PIF commandsPbd-destroy Pbd-plug MAC PIF parameters Dhcp Pif-forget uuid=uuidofpif Pif-forgetPif-introduce Pool parameters Pool commands Parameter Name Description Type Pool-ha-enable Pool-emergency-reset-masterPool-designate-new-master Pool-dump-database SM parameters Storage Manager commands SR parameters SR commands Sr-destroy Sr-createSr-forget Sr-destroy uuid=sruuid Task parameters Task commandsSr-introduce Sr-probe Task-cancel uuid=taskuuid Template commandsTask-cancel Template parameters For memory-dynamic-max Uuid=vmuuid \ Parameter Name Description Type YyyymmddThhmmss z As not in database for Not in database for a Form yyyymmddThhmmss User commands Update commandsUpdate-upload User-password-change VBD parameters VBD commands Vbd-create VDI commands VDI parameters Vdi-copy Vdi-cloneVdi-create Tree /local/domain/0/backend Vdi-forget Vdi-destroyVdi-import Vdi-introduce VIF parameters VIF commandsVdi-unlock Vdi-unlockuuid=uuidofvditounlock force=true Uuid=vifuuid \ Vif-destroy Vif-createVif-plug Vif-unplug VM commands Vlan commandsVM selectors VM parameters Parameter Name Description Type Uuid=templateuuid \ Parameter Name Description Type Value pair autopoweron true VCPUs-number to a value Domain/domid/vm Vm-cd-ejectvm-selector=vmselectorvalue Vm-cd-addVm-cd-eject Vm-cd-list Vm-cd-insertVm-cd-remove Vm-clone Vm-crashdump-list Vm-copyVm-data-source-forget Vm-data-source-list Vm-data-source-record Vm-data-source-queryVm-destroy Vm-disk-add Vm-disk-remove Vm-disk-listVm-export Vm-import Vm-migrate Vm-installVm-memory-shadow-multiplier-set Vm-reset-powerstate Vm-rebootVm-resume Vm-shutdown Vm-start Vm-uninstallVm-suspend Vm-vcpu-hotplug Workload Balancing commands Pool-certificate-sync Pool-certificate-installPool-certificate-list Pool-retrieve-wlb-configuration Pool-deconfigure-wlbPool-param-set Pool-retrieve-wlb-recommendations Pool-send-wlb-configuration Pool-send-wlb-configuration Index