Auditing, To change a subjects Rbac role | Citrix Systems 5.6

To change a subject's RBAC role:

To change a user's role it is necessary to remove them from their existing role, and add them to a new role:

1.Run the commands:

xe subject-role-remove uuid=<subject uuid> role-name= \ <role_name_to_remove>

xe subject-role-add uuid=<subject uuid > role-name= \ <role_name_to_add>

To ensure that the new role takes effect, the user should be logged out and logged back in again (this requires the "Logout Active User Connections" permission - available to a Pool Administrator or Pool Operator).

Warning:

Once you have added or removed a pool-admin subject, there can be a delay of a few seconds for ssh sessions associated to this subject to be accepted by all hosts of the pool.

Auditing

The RBAC audit log will record any operation taken by a logged-in user.

•the message will explicitly record the Subject ID and user name associated with the session that invoked the operation.

•if an operation is invoked for which the subject does not have authorization, this will be logged.

•if the operation succeeded then this is recorded; if the operation failed then the error code is logged.

Audit log xe CLI commands

xe audit-log-get [since=<timestamp>] filename=<output filename>

This command downloads to a file all the available records of the RBAC audit file in the pool. If the optional parameter 'since' is present, then it only downloads the records from that specific point in time.

To obtain all audit records from the pool

Run the following command:

xe audit-log-get filename=/tmp/auditlog-pool-actions.out

To obtain audit records of the pool since a precise millisecond timestamp

Run the following command:

xe audit-log-get since=2009-09-24T17:56:20.530Z \ filename=/tmp/auditlog-pool-actions.out

To obtain audit records of the pool since a precise minute timestamp

Run the following command:

xe audit-log-get since=2009-09-24T17:56Z \ filename=/tmp/auditlog-pool-actions.out

17

Image 37

Citrix Systems 5.6 manual Auditing, To change a subjects Rbac role, Audit log xe CLI commands

Contents

Citrix XenServer 5.6 Administrators Guide Trademarks Managing users Table of Contents Storage ISO NFS VHD Configuring VM memory Viii Workload Balancing Page Page Backup and recovery 123 Monitoring and managing XenServer 136 Xiv Page Xvi Xvii Xviii Xix Index 214 How this Guide relates to other documentation Document Overview Managing users Authenticating users using Active Directory AD Upgrading from XenServer Configuring Active Directory authentication Enabling external authentication on a pool Disabling external authentication User authenticationAllowing a user access to XenServer using the CLI Removing access for a user using the CLI Listing subjects with access Removing access for a userTerminating all authenticated sessions using xe Terminating individual user sessions using xe Role Based Access Control Rbac process Roles Users role can be changed in two ways Definitions of Rbac roles and permissionsPermissions available for each role WLB Definitions of permissions Permission Allows Assignee To Rationale/Comments Definitions of permissions Permission Allows Assignee To Rationale/Comments Permission Allows Assignee To Rationale/Comments To list all the available defined roles in XenServer Working with Rbac using the xe CLI To display a list of current subjects To add a subject to Rbac Run the command xe subject-add subject-name=AD user/groupTo assign an Rbac role to a created subject Auditing Audit log xe CLI commandsTo change a subjects Rbac role To obtain all audit records from the pool How does XenServer compute the roles for the session? Requirements for creating resource pools Hosts and resource pools overview Naming a resource pool Creating a resource pool Adding shared storage Creating heterogeneous resource pools To remove a host from a resource pool using the CLI Adding NFS shared storage to a resource pool using the CLIRemoving a XenServer host from a resource pool HA Overview High AvailabilityOvercommitting Overcommitment Warning Restart priorities Configuration Requirements Enabling HA on a XenServer pool Enabling HA using the CLI Recovering an unreachable host Removing HA protection from a VM using the CLIShutting down a host when HA is enabled Shutting down a VM when it is protected by HA Powering on hosts remotely Host Power OnUsing the CLI to Manage Host Power On To turn on hosts remotely using the CLI To enable Host Power On using the CLIKey/Value Pairs Possible values Sample Script Storage Repositories SRs Storage OverviewVirtual Disk Images VDIs Physical Block Devices PBDs Summary of Storage objects Virtual Block Devices VBDsVirtual Disk Data Formats VHD Chain Coalescing VHD-based VDIs Creating Storage Repositories Storage configurationLUN-based VDIs Upgrading LVM storage from XenServer 5.0 or earlier Creating a raw virtual disk using the xe CLILVM performance considerations VDI types Probing an SR Converting between VDI formats Following parameters can be probed for each SR type Page Storage Multipathing To enable storage multipathing using the xe CLI Storage Repository Types Local EXT3 VHD Local LVMCreating a local LVM SR lvm Creating a local EXT3 SR ext EqualLogic UdevCreating a shared EqualLogic SR Parameter Name Description Optional? NetApp Creating a VDI using the CLI Aggregates FlexVols Thick or thin provisioning Access ControlFAS Deduplication Licenses Creating a shared NetApp SR over iSCSI Managing VDIs in a NetApp SR Software iSCSI SupportTaking VDI snapshots with a NetApp SR Sample QLogic iSCSI HBA setup XenServer Host iSCSI configurationManaging Hardware Host Bus Adapters HBAs Removing HBA-based SAS, FC or iSCSI device entries LVM over iSCSI Parameter Name Description Optional? Hitachi NFS VHD Creating a shared NFS SR nfs LVM over hardware HBA Creating a shared StorageLink SR Citrix StorageLink Gateway Cslg SRs Parameter name Description Optional? To create a Cslg SR Page Managing Storage Repositories Introducing an SR Destroying or forgetting a SR Converting local Fibre Channel SRs to shared SRs Resizing an SRMoving Virtual Disk Images VDIs between SRs Copying all of a VMs VDIs to a different SR Adjusting the disk IO scheduler Virtual disk QoS settings Possible values of qosalgorithmparamsched are Concept of dynamic range What is Dynamic Memory Control DMC? DMC Behaviour Concept of static rangeHow does DMC Work? Supported operating systems Memory constraints Display the static memory properties of a VM Xe CLI commandsDisplay the dynamic memory properties of a VM Updating memory properties Update individual memory properties Upgrade issuesWorkload Balancing interaction XenServer networking overview Networking Using VLANs with virtual machines Using VLANs with host management interfacesNetwork objects Networks NIC bonds Using VLANs with dedicated storage NICs Initial networking configuration Managing networking configurationCreating networks in a standalone server To connect a network to an external Vlan using the CLI To add a new network using the CLICreating networks in resource pools Creating VLANs Creating a NIC bond on a dual-NIC host Creating NIC bonds on a standalone hostBonding two NICs together Controlling the MAC address of the bond Creating NIC bonds in resource poolsReverting NIC bonds Adding NIC bonds to new resource pools Adding NIC bonds to an existing pool To add NIC bonds to the pool master and other hosts Controlling Quality of Service QoS Configuring a dedicated storage NICChanging networking configuration options To assign NIC functions using the xe CLI Changing IP address configuration in resource pools Changing IP address configuration for a standalone hostHostname DNS servers To change the IP address of a pool master host Disabling management accessManagement interface To change the NIC used for the management interface Adding a new physical NIC NIC/PIF ordering in resource poolsVerifying NIC ordering Re-ordering NICs Diagnosing network corruption Networking Troubleshooting Recovering from a bad network configuration Whats New? New Features Changes Workload Balancing Overview Workload Balancing Basic Concepts Workload Balancing Installation Overview Supported XenServer Versions Workload Balancing System RequirementsSupported Operating Systems Recommended Hardware Workload Balancing Data Store Requirements SQL Server Database Authentication Requirements Operating System Language Support Preinstallation Considerations WLB Access Control Permissions Installing Workload Balancing To install Workload Balancing server To verify your Workload Balancing installation Upgrading Workload Balancing Configuring Firewalls Upgrading Workload Balancing on the Same Operating System Initializing Workload BalancingUpgrading SQL Server Upgrading Workload Balancing and the Operating System To initialize Workload Balancing Authorization for Workload Balancing Configuring Antivirus Software Configuring Workload Balancing Settings Adjusting the Optimization Mode To display the Workload Balancing Configuration dialog boxFixed Scheduled To set an optimization mode for all time periods Optimizing and Managing Power AutomaticallyTo edit or delete an automatic optimization interval Accepting Optimization Recommendations Automatically Enabling Workload Balancing Power Management 102 Changing the Critical Thresholds To select servers for power managementTo apply optimization recommendations automatically Default Settings for Critical Thresholds Tuning Metric WeightingsTo change the critical thresholds Excluding Hosts from Recommendations To edit metric weighting factors VM Optimization Criteria Historical Data Storage Time Number of Times an Optimization Recommendation is Made To configure VM Recommendation intervals To resume a virtual machine on the optimal server To start a virtual machine on the optimal server Accepting Optimization Recommendations Administering Workload BalancingTo accept an optimization recommendation Disabling Workload Balancing Reconfiguring a Pool to Use Another WLB Server Updating Workload Balancing Credentials Click Update Credentials Uninstalling Workload Balancing Entering Maintenance Mode with Workload Balancing EnabledCustomizing Workload Balancing Working with Workload Balancing Reports To enter maintenance mode with Workload Balancing enabledIntroduction Subscribing to Workload Balancing Reports Generating and Managing Workload Balancing Reports Using Workload Balancing Reports for TasksTo generate a Workload Balancing report To subscribe to a Workload Balancing report To navigate in a Workload Balancing Report To cancel a report subscriptionReport Toolbar Buttons Displaying Workload Balancing Reports Report Generation FeaturesTo print a Workload Balancing report Toolbar Buttons Host Health History Workload Balancing Report Glossary Pool Audit Log History Pool Optimization Performance History Audit Log Event Names Pool Health Pool Optimization History Pool Health History Virtual Machine Performance History Virtual Machine Motion History To backup pool metadata BackupsTo backup host configuration and software To backup a VM DR and metadata backup overview Full metadata backup and disaster recovery DRBackup and restore using xsconsole Moving SRs between hosts and Pools VM Snapshots Using Portable SRs for Manual Multi-Site Disaster Recovery Quiesced Snapshots Regular SnapshotsSnapshots with memory Creating a VM Snapshot To list all of the snapshots on a XenServer pool Creating a snapshot with memoryTo list the snapshots on a particular VM Deleting a snapshot Restoring a VM to its previous state Creating a template from a snapshot Snapshot Templates Advanced Notes for Quiesced Snapshots Exporting a snapshot to a template 132 Member failures Coping with machine failuresMaster failures Pool failures Coping with Failure due to Configuration ErrorsPhysical Machine failure To restore a VM when VM storage is not available To restore a pool with all hosts failed Alerts Monitoring and managing XenServer Valid VM Elements Customizing Alerts Valid Host Elements Configuring Email Alerts Custom Searches Custom Fields and TagsDetermining throughput of physical bus adapters To determine PBD throughput Sending host log messages to a central server XenServer host logsTo write logs to a remote server Userprofile%\AppData\Citrix\XenCenter\logs\XenCenter.log XenCenter logs Basic xe syntax Xe command-name argument=value argument=value Special characters and syntax Class-list Command types Parameter types Low-level param commandsClass-param-list uuid=uuid Low-level list commands Bonding commands Xe command referenceBond parameters Bond-create CD parameters CD commands Console parameters Console commandsCd-list Cd-listparams=param1,param2,... parameter=parametervalue Event classes Event commandsEvent-wait Host selectors Host XenServer host commandsHost parameters Parameter Name Description Type Syslogdestination Host-backupfile-name=backupfilenamehost=hostname Host-backup Host-emergency-management-reconfigure Host-disableHost-bugreport-upload Host-crashdump-destroy Host-evacuate Host-enableHost-forget Host-get-system-status Attribute Description Host-get-system-status-capabilities Host-apply-edition Host-is-in-emergency-modeLicense-server-address License-server-port Host-management-reconfigure Host-management-disableHost-license-view Host-logs-download Host-set-power-on Host-power-onHost-reboot Host-restore Log commands Message parameters Message commandsMessage-create Message-list Network parameters Network commandsSubnet/netmask/gateway 192.168.0.4 Patch parameters Patch update commandsNetwork-create Network-destroy PBD parameters PBD commands Pbd-create PIF commandsPbd-destroy Pbd-plug MAC PIF parameters Dhcp Pif-introduce Pif-forgetPif-forget uuid=uuidofpif Pool parameters Pool commands Parameter Name Description Type Pool-ha-enable Pool-emergency-reset-masterPool-designate-new-master Pool-dump-database SM parameters Storage Manager commands SR parameters SR commands Sr-destroy Sr-createSr-forget Sr-destroy uuid=sruuid Task parameters Task commandsSr-introduce Sr-probe Task-cancel Template commandsTask-cancel uuid=taskuuid Template parameters For memory-dynamic-max Uuid=vmuuid \ Parameter Name Description Type YyyymmddThhmmss z As not in database for Not in database for a Form yyyymmddThhmmss User commands Update commandsUpdate-upload User-password-change VBD parameters VBD commands Vbd-create VDI commands VDI parameters Vdi-copy Vdi-cloneVdi-create Tree /local/domain/0/backend Vdi-forget Vdi-destroyVdi-import Vdi-introduce VIF parameters VIF commandsVdi-unlock Vdi-unlockuuid=uuidofvditounlock force=true Uuid=vifuuid \ Vif-destroy Vif-createVif-plug Vif-unplug VM commands Vlan commandsVM selectors VM parameters Parameter Name Description Type Uuid=templateuuid \ Parameter Name Description Type Value pair autopoweron true VCPUs-number to a value Domain/domid/vm Vm-cd-eject Vm-cd-addVm-cd-ejectvm-selector=vmselectorvalue Vm-cd-list Vm-cd-insertVm-cd-remove Vm-clone Vm-crashdump-list Vm-copyVm-data-source-forget Vm-data-source-list Vm-data-source-record Vm-data-source-queryVm-destroy Vm-disk-add Vm-disk-remove Vm-disk-listVm-export Vm-import Vm-memory-shadow-multiplier-set Vm-installVm-migrate Vm-reset-powerstate Vm-rebootVm-resume Vm-shutdown Vm-start Vm-uninstallVm-suspend Vm-vcpu-hotplug Workload Balancing commands Pool-certificate-list Pool-certificate-installPool-certificate-sync Pool-retrieve-wlb-configuration Pool-deconfigure-wlbPool-param-set Pool-retrieve-wlb-recommendations Pool-send-wlb-configuration Pool-send-wlb-configuration Index