Definitions of permissions | Citrix Systems 5.6 instruction

Table 2. Definitions of permissions

Permission	Allows Assignee To		Rationale/Comments

Assign/modify roles	•	Add/remove users	This permission lets the user
	•	Add/remove roles from users	grant himself or herself any
	•	Add/remove roles from users	permission or perform any task.
	•	Enable and disable Active	permission or perform any task.
	•	Enable and disable Active
		Directory integration (being	Warning: This role lets the user
		joined to the domain)	disable the Active Directory
			integration and all subjects
			added from Active Directory.

Log in to server consoles	•	Server console access	Warning: With access to a
		through ssh	root shell, the assignee could
	•	Server console access	arbitrarily reconfigure the entire
	•	Server console access	system, including RBAC.
		through XenCenter	system, including RBAC.
		through XenCenter

Server backup/restore VM	•	Back up and restore servers	The ability to restore a backup
create/destroy operations	•	Back up and restore pool	lets the assignee revert RBAC
	•	Back up and restore pool	configuration changes.
		metadata	configuration changes.
		metadata

Log out active user connections	•	Ability to disconnect logged in
		users

Create/dismiss alerts			Warning: A user with this
			permission can dismiss alerts for
			the entire pool.
			Note: The ability to view alerts
			is part of the Connect to Pool
			and read all pool metadata
			permission.

Cancel task of any user	•	Cancel any user's running	This permission lets the user
		task	request XenServer cancel an in-
			progress task initiated by any
			user.

11

Image 31

Citrix Systems 5.6 manual Definitions of permissions, Permission Allows Assignee To Rationale/Comments

Contents

Citrix XenServer 5.6 Administrators Guide Trademarks Managing users Table of Contents Storage ISO NFS VHD Configuring VM memory Viii Workload Balancing Page Page Backup and recovery 123 Monitoring and managing XenServer 136 Xiv Page Xvi Xvii Xviii Xix Index 214 How this Guide relates to other documentation Document Overview Managing users Authenticating users using Active Directory AD Upgrading from XenServer Configuring Active Directory authentication Enabling external authentication on a pool Removing access for a user using the CLI User authenticationDisabling external authentication Allowing a user access to XenServer using the CLI Terminating individual user sessions using xe Removing access for a userListing subjects with access Terminating all authenticated sessions using xe Role Based Access Control Rbac process Roles Users role can be changed in two ways Definitions of Rbac roles and permissionsPermissions available for each role WLB Definitions of permissions Permission Allows Assignee To Rationale/Comments Definitions of permissions Permission Allows Assignee To Rationale/Comments Permission Allows Assignee To Rationale/Comments To list all the available defined roles in XenServer Working with Rbac using the xe CLI To display a list of current subjects To add a subject to Rbac Run the command xe subject-add subject-name=AD user/groupTo assign an Rbac role to a created subject To obtain all audit records from the pool Audit log xe CLI commandsAuditing To change a subjects Rbac role How does XenServer compute the roles for the session? Requirements for creating resource pools Hosts and resource pools overview Naming a resource pool Creating a resource pool Adding shared storage Creating heterogeneous resource pools To remove a host from a resource pool using the CLI Adding NFS shared storage to a resource pool using the CLIRemoving a XenServer host from a resource pool Overcommitment Warning High AvailabilityHA Overview Overcommitting Restart priorities Configuration Requirements Enabling HA on a XenServer pool Enabling HA using the CLI Shutting down a VM when it is protected by HA Removing HA protection from a VM using the CLIRecovering an unreachable host Shutting down a host when HA is enabled Powering on hosts remotely Host Power OnUsing the CLI to Manage Host Power On To turn on hosts remotely using the CLI To enable Host Power On using the CLIKey/Value Pairs Possible values Sample Script Physical Block Devices PBDs Storage OverviewStorage Repositories SRs Virtual Disk Images VDIs Summary of Storage objects Virtual Block Devices VBDsVirtual Disk Data Formats VHD Chain Coalescing VHD-based VDIs Creating Storage Repositories Storage configurationLUN-based VDIs VDI types Creating a raw virtual disk using the xe CLIUpgrading LVM storage from XenServer 5.0 or earlier LVM performance considerations Probing an SR Converting between VDI formats Following parameters can be probed for each SR type Page Storage Multipathing To enable storage multipathing using the xe CLI Storage Repository Types Creating a local EXT3 SR ext Local LVMLocal EXT3 VHD Creating a local LVM SR lvm EqualLogic UdevCreating a shared EqualLogic SR Parameter Name Description Optional? NetApp Creating a VDI using the CLI Aggregates FlexVols Licenses Access ControlThick or thin provisioning FAS Deduplication Creating a shared NetApp SR over iSCSI Managing VDIs in a NetApp SR Software iSCSI SupportTaking VDI snapshots with a NetApp SR Sample QLogic iSCSI HBA setup XenServer Host iSCSI configurationManaging Hardware Host Bus Adapters HBAs Removing HBA-based SAS, FC or iSCSI device entries LVM over iSCSI Parameter Name Description Optional? Hitachi NFS VHD Creating a shared NFS SR nfs LVM over hardware HBA Creating a shared StorageLink SR Citrix StorageLink Gateway Cslg SRs Parameter name Description Optional? To create a Cslg SR Page Managing Storage Repositories Introducing an SR Destroying or forgetting a SR Copying all of a VMs VDIs to a different SR Resizing an SRConverting local Fibre Channel SRs to shared SRs Moving Virtual Disk Images VDIs between SRs Adjusting the disk IO scheduler Virtual disk QoS settings Possible values of qosalgorithmparamsched are Concept of dynamic range What is Dynamic Memory Control DMC? DMC Behaviour Concept of static rangeHow does DMC Work? Supported operating systems Memory constraints Display the static memory properties of a VM Xe CLI commandsDisplay the dynamic memory properties of a VM Updating memory properties Update individual memory properties Upgrade issuesWorkload Balancing interaction XenServer networking overview Networking Networks Using VLANs with host management interfacesUsing VLANs with virtual machines Network objects NIC bonds Using VLANs with dedicated storage NICs Initial networking configuration Managing networking configurationCreating networks in a standalone server Creating VLANs To add a new network using the CLITo connect a network to an external Vlan using the CLI Creating networks in resource pools Creating a NIC bond on a dual-NIC host Creating NIC bonds on a standalone hostBonding two NICs together Controlling the MAC address of the bond Creating NIC bonds in resource poolsReverting NIC bonds Adding NIC bonds to new resource pools Adding NIC bonds to an existing pool To add NIC bonds to the pool master and other hosts To assign NIC functions using the xe CLI Configuring a dedicated storage NICControlling Quality of Service QoS Changing networking configuration options DNS servers Changing IP address configuration for a standalone hostChanging IP address configuration in resource pools Hostname To change the NIC used for the management interface Disabling management accessTo change the IP address of a pool master host Management interface Re-ordering NICs NIC/PIF ordering in resource poolsAdding a new physical NIC Verifying NIC ordering Diagnosing network corruption Networking Troubleshooting Recovering from a bad network configuration Whats New? New Features Changes Workload Balancing Overview Workload Balancing Basic Concepts Workload Balancing Installation Overview Recommended Hardware Workload Balancing System RequirementsSupported XenServer Versions Supported Operating Systems Workload Balancing Data Store Requirements SQL Server Database Authentication Requirements Operating System Language Support Preinstallation Considerations WLB Access Control Permissions Installing Workload Balancing To install Workload Balancing server To verify your Workload Balancing installation Upgrading Workload Balancing Configuring Firewalls Upgrading Workload Balancing and the Operating System Initializing Workload BalancingUpgrading Workload Balancing on the Same Operating System Upgrading SQL Server To initialize Workload Balancing Authorization for Workload Balancing Configuring Antivirus Software Configuring Workload Balancing Settings Scheduled To display the Workload Balancing Configuration dialog boxAdjusting the Optimization Mode Fixed To set an optimization mode for all time periods Optimizing and Managing Power AutomaticallyTo edit or delete an automatic optimization interval Accepting Optimization Recommendations Automatically Enabling Workload Balancing Power Management 102 Changing the Critical Thresholds To select servers for power managementTo apply optimization recommendations automatically Default Settings for Critical Thresholds Tuning Metric WeightingsTo change the critical thresholds Excluding Hosts from Recommendations To edit metric weighting factors VM Optimization Criteria Historical Data Storage Time Number of Times an Optimization Recommendation is Made To configure VM Recommendation intervals To resume a virtual machine on the optimal server To start a virtual machine on the optimal server Accepting Optimization Recommendations Administering Workload BalancingTo accept an optimization recommendation Disabling Workload Balancing Reconfiguring a Pool to Use Another WLB Server Updating Workload Balancing Credentials Click Update Credentials Uninstalling Workload Balancing Entering Maintenance Mode with Workload Balancing EnabledCustomizing Workload Balancing Subscribing to Workload Balancing Reports To enter maintenance mode with Workload Balancing enabledWorking with Workload Balancing Reports Introduction To subscribe to a Workload Balancing report Using Workload Balancing Reports for TasksGenerating and Managing Workload Balancing Reports To generate a Workload Balancing report To navigate in a Workload Balancing Report To cancel a report subscriptionReport Toolbar Buttons Toolbar Buttons Report Generation FeaturesDisplaying Workload Balancing Reports To print a Workload Balancing report Host Health History Workload Balancing Report Glossary Pool Audit Log History Pool Optimization Performance History Audit Log Event Names Pool Health Pool Optimization History Pool Health History Virtual Machine Performance History Virtual Machine Motion History To backup a VM BackupsTo backup pool metadata To backup host configuration and software DR and metadata backup overview Full metadata backup and disaster recovery DRBackup and restore using xsconsole Moving SRs between hosts and Pools VM Snapshots Using Portable SRs for Manual Multi-Site Disaster Recovery Creating a VM Snapshot Regular SnapshotsQuiesced Snapshots Snapshots with memory To list all of the snapshots on a XenServer pool Creating a snapshot with memoryTo list the snapshots on a particular VM Deleting a snapshot Restoring a VM to its previous state Creating a template from a snapshot Snapshot Templates Advanced Notes for Quiesced Snapshots Exporting a snapshot to a template 132 Member failures Coping with machine failuresMaster failures Pool failures Coping with Failure due to Configuration ErrorsPhysical Machine failure To restore a VM when VM storage is not available To restore a pool with all hosts failed Alerts Monitoring and managing XenServer Valid VM Elements Customizing Alerts Valid Host Elements Configuring Email Alerts To determine PBD throughput Custom Fields and TagsCustom Searches Determining throughput of physical bus adapters Sending host log messages to a central server XenServer host logsTo write logs to a remote server Userprofile%\AppData\Citrix\XenCenter\logs\XenCenter.log XenCenter logs Basic xe syntax Xe command-name argument=value argument=value Special characters and syntax Class-list Command types Parameter types Low-level param commandsClass-param-list uuid=uuid Low-level list commands Bond-create Xe command referenceBonding commands Bond parameters CD parameters CD commands Cd-listparams=param1,param2,... parameter=parametervalue Console commandsConsole parameters Cd-list Event classes Event commandsEvent-wait Host selectors Host XenServer host commandsHost parameters Parameter Name Description Type Syslogdestination Host-backupfile-name=backupfilenamehost=hostname Host-backup Host-crashdump-destroy Host-disableHost-emergency-management-reconfigure Host-bugreport-upload Host-get-system-status Host-enableHost-evacuate Host-forget Attribute Description Host-get-system-status-capabilities License-server-port Host-is-in-emergency-modeHost-apply-edition License-server-address Host-logs-download Host-management-disableHost-management-reconfigure Host-license-view Host-restore Host-power-onHost-set-power-on Host-reboot Log commands Message-list Message commandsMessage parameters Message-create 192.168.0.4 Network commandsNetwork parameters Subnet/netmask/gateway Network-destroy Patch update commandsPatch parameters Network-create PBD parameters PBD commands Pbd-plug PIF commandsPbd-create Pbd-destroy MAC PIF parameters Dhcp Pif-introduce Pif-forgetPif-forget uuid=uuidofpif Pool parameters Pool commands Parameter Name Description Type Pool-dump-database Pool-emergency-reset-masterPool-ha-enable Pool-designate-new-master SM parameters Storage Manager commands SR parameters SR commands Sr-destroy uuid=sruuid Sr-createSr-destroy Sr-forget Sr-probe Task commandsTask parameters Sr-introduce Task-cancel Template commandsTask-cancel uuid=taskuuid Template parameters For memory-dynamic-max Uuid=vmuuid \ Parameter Name Description Type YyyymmddThhmmss z As not in database for Not in database for a Form yyyymmddThhmmss User-password-change Update commandsUser commands Update-upload VBD parameters VBD commands Vbd-create VDI commands VDI parameters Tree /local/domain/0/backend Vdi-cloneVdi-copy Vdi-create Vdi-introduce Vdi-destroyVdi-forget Vdi-import Vdi-unlockuuid=uuidofvditounlock force=true VIF commandsVIF parameters Vdi-unlock Uuid=vifuuid \ Vif-unplug Vif-createVif-destroy Vif-plug VM parameters Vlan commandsVM commands VM selectors Parameter Name Description Type Uuid=templateuuid \ Parameter Name Description Type Value pair autopoweron true VCPUs-number to a value Domain/domid/vm Vm-cd-eject Vm-cd-addVm-cd-ejectvm-selector=vmselectorvalue Vm-clone Vm-cd-insertVm-cd-list Vm-cd-remove Vm-data-source-list Vm-copyVm-crashdump-list Vm-data-source-forget Vm-disk-add Vm-data-source-queryVm-data-source-record Vm-destroy Vm-import Vm-disk-listVm-disk-remove Vm-export Vm-memory-shadow-multiplier-set Vm-installVm-migrate Vm-shutdown Vm-rebootVm-reset-powerstate Vm-resume Vm-vcpu-hotplug Vm-uninstallVm-start Vm-suspend Workload Balancing commands Pool-certificate-list Pool-certificate-installPool-certificate-sync Pool-retrieve-wlb-recommendations Pool-deconfigure-wlbPool-retrieve-wlb-configuration Pool-param-set Pool-send-wlb-configuration Pool-send-wlb-configuration Index