uuid ( RO): bb6dd239-1fa9-a06b-a497-3be28b8dca44

subject-identifier ( RO): S-1-5-21-1539997073-1618981536-2562117463-2244

other-config (MRO): subject-name: example01\user_vm_admin; subject-upn: \ user_vm_admin@XENDT.NET; subject-uid: 1823475908; subject-gid: 1823474177; \ subject-sid: S-1-5-21-1539997073-1618981536-2562117463-2244; subject-gecos: \ user_vm_admin; subject-displayname: user_vm_admin; subject-is-group: false; \ subject-account-disabled: false; subject-account-expired: false; \ subject-account-locked: false;subject-password-expired: false

roles (SRO): vm-admin

uuid ( RO): 4fe89a50-6a1a-d9dd-afb9-b554cd00c01a

subject-identifier ( RO): S-1-5-21-1539997073-1618981536-2562117463-2245

other-config (MRO): subject-name: example02\user_vm_op; subject-upn: \ user_vm_op@XENDT.NET; subject-uid: 1823475909; subject-gid: 1823474177; \ subject-sid: S-1-5-21-1539997073-1618981536-2562117463-2245; \ subject-gecos: user_vm_op; subject-displayname: user_vm_op; \ subject-is-group: false; subject-account-disabled: false; \ subject-account-expired: false; subject-account-locked: \ false; subject-password-expired: false

roles (SRO): vm-operator

uuid ( RO): 8a63fbf0-9ef4-4fef-b4a5-b42984c27267

subject-identifier ( RO): S-1-5-21-1539997073-1618981536-2562117463-2242

other-config (MRO): subject-name: example03\user_pool_op; \ subject-upn: user_pool_op@XENDT.NET; subject-uid: 1823475906; \ subject-gid: 1823474177; subject-sid: S-1-5-21-1539997073-1618981536-2562117463-2242; \ subject-gecos: user_pool_op; subject-displayname: user_pool_op; \ subject-is-group: false; subject-account-disabled: false; \ subject-account-expired: false; subject-account-locked: \ false; subject-password-expired: false

roles (SRO): pool-operator

To add a subject to RBAC

In order to enable existing AD users to use RBAC, you will need to create a subject instance within XenServer, either for the AD user directly, or for one of their containing groups:

1. Run the command xe subject-add subject-name=<AD user/group>

This adds a new subject instance.

To assign an RBAC role to a created subject

Once you have added a subject, you can assign it to an RBAC role. You can refer to the role by either its uuid or name:

1. Run the command:

xe subject-role-add uuid=<subject uuid> role-uuid=<role_uuid>

or

xe subject-role-add uuid=<subject uuid> role-name=<role_name>

For example, the following command adds a subject with the uuid b9b3d03b-3d10-79d3-8ed7-a782c5ea13b4 to the Pool Administrator role:

xe subject-role-add uuid=b9b3d03b-3d10-79d3-8ed7-a782c5ea13b4 role-name=pool-admin
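After assigning roles, it is worth reviewing who holds what. The following is an added example, not part of the Citrix manual: it parses subject records in the layout listed earlier on this page and flags role holders whose account is marked disabled, expired or locked, plus any holder of pool-admin. The function names, the sample records and the choice of pool-admin as the role to report are assumptions made for illustration.

```python
import re

# Constructed sample in the record layout shown above; not real accounts.
SAMPLE = r"""
uuid ( RO): 00000000-0000-0000-0000-000000000001
subject-identifier ( RO): S-1-5-21-0-0-0-1001
other-config (MRO): subject-name: example01\user_a; subject-account-disabled: false; subject-account-locked: false
roles (SRO): vm-admin

uuid ( RO): 00000000-0000-0000-0000-000000000002
subject-identifier ( RO): S-1-5-21-0-0-0-1002
other-config (MRO): subject-name: example02\user_b; subject-account-locked: \
true; subject-account-disabled: false
roles (SRO): pool-admin
"""

FIELD = re.compile(r"^\s*([\w-]+)\s*\(\s*\w+\s*\)\s*:\s*(.*)$")
STATUS = ("subject-account-disabled", "subject-account-expired", "subject-account-locked")

def parse_subjects(text):
    """Return one dict per subject: uuid, name, roles, config (other-config keys)."""
    records, key = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.groups()
            if key == "uuid" or not records:      # each record starts with its uuid
                records.append({})
            records[-1][key] = value.strip()
        elif line.strip() and records and key:    # wrapped line continues the field
            records[-1][key] += " " + line.strip()
    subjects = []
    for rec in records:
        # Drop "\ " continuation marks but keep the backslash in DOMAIN\user.
        raw = re.sub(r"\\(\s+|$)", "", rec.get("other-config", ""))
        pairs = (item.partition(":") for item in raw.split(";"))
        cfg = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        roles = [r.strip() for r in rec.get("roles", "").split(";") if r.strip()]
        subjects.append(dict(uuid=rec.get("uuid", ""), name=cfg.get("subject-name", ""), roles=roles, config=cfg))
    return subjects

def audit(subjects, privileged=("pool-admin",)):
    """Flag role holders whose account is disabled/expired/locked, and privileged roles."""
    findings = []
    for s in subjects:
        bad = [k for k in STATUS if s["config"].get(k) == "true"]
        if s["roles"] and bad:
            findings.append((s["name"], "inactive account holds role: " + ", ".join(bad)))
        findings += [(s["name"], "privileged role: " + r) for r in s["roles"] if r in privileged]
    return findings
```

Calling `audit(parse_subjects(SAMPLE))` returns two findings, both for example02\user_b: a locked account that still holds a role, and membership of pool-admin.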

Citrix Systems 5.6 manual To add a subject to Rbac, To assign an Rbac role to a created subject