Table 2. Definitions of permissions

| Permission | Allows Assignee To | Rationale/Comments |
|---|---|---|
| Assign/modify roles | Add/remove users; Add/remove roles from users; Enable and disable Active Directory integration (being joined to the domain) | This permission lets the user grant himself or herself any permission or perform any task. Warning: This role lets the user disable the Active Directory integration and all subjects added from Active Directory. |
| Log in to server consoles | Server console access through ssh; Server console access through XenCenter | Warning: With access to a root shell, the assignee could arbitrarily reconfigure the entire system, including RBAC. |
| Server backup/restore VM create/destroy operations | Back up and restore servers; Back up and restore pool metadata | The ability to restore a backup lets the assignee revert RBAC configuration changes. |
| Log out active user connections | Ability to disconnect logged in users | |
| Create/dismiss alerts | | Warning: A user with this permission can dismiss alerts for the entire pool. Note: The ability to view alerts is part of the Connect to Pool and read all pool metadata permission. |
| Cancel task of any user | Cancel any user's running task | This permission lets the user request XenServer cancel an in-progress task initiated by any user. |

Citrix Systems 5.6 manual, Definitions of permissions