they may be able to continue to access the pool using XenCenter or other API sessions that they have already created. In order to terminate these sessions forcefully, XenCenter and the CLI provide facilities to terminate individual sessions, or all currently active sessions. See the XenCenter help for more information on procedures using XenCenter, or below for procedures using the CLI.

Terminating all authenticated sessions using xe

Execute the following CLI command:

xe session-subject-identifier-logout-all

Terminating individual user sessions using xe

1.Determine the subject identifier whose session you wish to log out. Use either the session-subject-identifier-listor subject-listxe commands to find this (the first shows users who have sessions, the second shows all users but can be filtered, for example, using a command like xe subject-listother-config:subject- name=xendt\\user1 – depending on your shell you may need a double-backslash as shown).

2.Use the session-subject-logoutcommand, passing the subject identifier you have determined in the previous step as a parameter, for example:

xe session-subject-identifier-logout subject-identifier=<subject-id>

Leaving an AD Domain

Warning:

When you leave the domain (that is, disable Active Directory authentication and disconnect a pool or server from its domain), any users who authenticated to the pool or server with Active Directory credentials are disconnected.

Use XenCenter to leave an AD domain. See the XenCenter help for more information. Alternately run the pool- disable-external-authcommand, specifying the pool uuid if required.

Note:

Leaving the domain will not cause the host objects to be removed from the AD database. See this knowledge base article for more information about this and how to remove the disabled host entries.

Role Based Access Control

Note:

The full RBAC feature is only available in Citrix XenServer Enterprise Edition or higher. To learn more about upgrading XenServer, click here.

XenServer's Role Based Access Control (RBAC) allows you to assign users, roles, and permissions to control who has access to your XenServer and what actions they can perform. The XenServer RBAC system maps a user (or a group of users) to defined roles (a named set of permissions), which in turn have associated XenServer permissions (the ability to perform certain operations).

As users are not assigned permissions directly, but acquire them through their assigned role, management of individual user permissions becomes a matter of simply assigning the user to the appropriate role; this simplifies common operations. XenServer maintains a list of authorized users and their roles.

RBAC allows you to easily restrict which operations different groups of users can perform- thus reducing the probability of an accident by an inexperienced user.

To facilitate compliance and auditing, RBAC also provides an Audit Log feature and its corresponding Workload Balancing Pool Audit Trail report.

10

Page 27 Page 29
Page 28
Image 28
Citrix Systems 6 manual Role Based Access Control, Leaving an AD Domain, Terminating all authenticated sessions using xe
Page 27 Page 29
Top Page Image Contents