Definitions of permissions | Citrix Systems 6 specification

Role		Pool Admin	Pool	VM Power	VM Admin	VM Operator	Read Only
permissions			Operator	Admin

Connect	to	X	X	X	X	X	X
pool	and
read all pool
metadata

Definitions of Permissions

The following table provides additional details about permissions:

Table 2. Definitions of permissions

Permission	Allows Assignee To						Rationale/Comments

Assign/modify roles	•	Add/remove users					This permission lets the user grant
	• Add/remove roles from users						himself or herself any permission
	• Add/remove roles from users						or perform any task.
	•	Enable	and		disable	Active	or perform any task.
	•	Enable	and		disable	Active
		Directory		integration		(being	Warning:	This	role	lets	the
		joined to the domain)					user disable the Active Directory
							integration and all subjects added
							from Active Directory.

Log in to server consoles	•	Server console access through					Warning: With access to a root
		ssh					shell, the assignee could arbitrarily
	•	Server console access through					reconfigure	the	entire	system,
	•	Server console access through					including RBAC.
		XenCenter					including RBAC.
		XenCenter

Server backup/restore VM create/	•	Back up and restore servers					The ability to restore a backup
destroy operations	• Back		up	and	restore	pool	lets the assignee revert				RBAC
	• Back		up	and	restore	pool	configuration changes.
		metadata					configuration changes.
		metadata

Import/export OVF/OVA packages	• Import OVF and OVA packages
and disk images	•	Import disk images
	•	Import disk images
	• Export			VMs	as OVF/OVA
		packages

Log out active user connections	•	Ability to disconnect logged in
		users

Create/dismiss alerts							Warning: A user with this
							permission can dismiss alerts for
							the entire pool.
							Note: The ability to view alerts is
							part of the Connect to Pool and
							read all pool metadata permission.

Cancel task of any user	•	Cancel any user's running task					This permission lets the user
							request XenServer cancel an in-
							progress task initiated by any user.

14

Image 32

Citrix Systems 6 manual Definitions of permissions, Permission Allows Assignee To Rationale/Comments

Contents

Citrix XenServer 6.0 Administrators Guide Trademarks Contents Storage ISO Configuring VM Memory Xen Memory Usage Disaster Recovery and Backup Monitoring and Managing XenServer 106 110 Page Host-bugreport-upload 129 Xiii Xiv Page Vm-compute-maximum-memory Workload Balancing Service Commands 186 Xviii Benefits of Using XenServer Using XenServer reduces costs byUsing XenServer increases flexibility by Introducing XenServer XenServer Editions New Features in XenServerAdministering XenServer Rolling Pool Upgrade Wizard Distributed Virtual Switch ImprovementsSimplified Installer Microsoft Scvmm and Scom Support VM Protection and Recovery XenServer DocumentationNFS Support for High Availability XenCenter Improvements XenServer CLI Term Authenticating Users With Active Directory ADXenCenter Term Configuring Active Directory Authentication Upgrading XenServer Active Directory integration Port Protocol Use Disabling external authentication User AuthenticationEnabling external authentication on a pool Removing Access for a User Allowing a user access to XenServer using the CLIRemoving access for a user using the CLI Listing subjects with access Role Based Access Control Terminating all authenticated sessions using xeTerminating individual user sessions using xe Leaving an AD Domain Roles Rbac process Permissions available for each role Definitions of Rbac Roles and PermissionsUsers role can be changed in two ways WLB Definitions of permissions Permission Allows Assignee To Rationale/Comments Permission Allows Assignee To Rationale/Comments Report Generated or its recipient Using Rbac with the CLI To List All the Available Defined Roles in XenServer To Display a List of Current Subjects Run the command xe subject-add subject-name=AD user/group To Add a Subject to RbacTo Assign an Rbac Role to a Created subject To Change a Subjects Rbac Role Audit Log xe CLI Commands AuditingHow Does XenServer Compute the Roles for the Session? To Obtain All Audit Records From the PoolPage Hosts and Resource Pools Overview Requirements for Creating Resource Pools Naming a resource pool Creating a Resource PoolCreating Heterogeneous Resource Pools Adding NFS shared storage to a resource pool using the CLI Adding Shared Storage Removing a XenServer Host from a Resource Pool Preparing a Pool of XenServer Hosts for MaintenanceTo remove a host from a resource pool using the CLI Overcommitting High AvailabilityHA Overview Host Fencing Configuration RequirementsOvercommitment Warning HA Always Run Explanation Restart PrioritiesHA Restart Priority Restart Explanation Enabling HA on a XenServer Pool Enabling HA Using the CLIRemoving HA Protection from a VM using the CLI Host Power On Recovering an Unreachable HostShutting Down a host When HA is Enabled Shutting Down a VM When it is Protected by HA To Turn on Hosts Remotely Using the CLI Using the CLI to Manage Host Power OnTo Enable Host Power On Using the CLI Key/Value Pairs Sample Script Result is only displayed when the script is unsuccessful Storage Overview Storage Repositories SRsVirtual Disk Images VDIs Physical Block Devices PBDs Virtual Block Devices VBDs Summary of Storage objectsVirtual Disk Data Formats VHD-based VDIs LUN-based VDIs VHD Chain Coalescing Storage type Maximum VDI size Storage Repository TypesLocal LVM Local EXT3 VHD UdevCreating a Local LVM SR lvm Creating a Local EXT3 SR ext Citrix StorageLink SRs XenServer Host iSCSI configurationSoftware iSCSI Support Upgrading XenServer with StorageLink SRs Creating a Shared StorageLink SR To Create a CSL SR Using XenCenter Parameter name Description Optional? To Create a CSL SR Using the CLI Page Sample QLogic iSCSI HBA setup Managing Hardware Host Bus Adapters HBAs Parameter Name Description LVM over iSCSIRemoving HBA-based SAS, FC or iSCSI Device Entries Parameter Name Description Hitachi NFS VHD Storage Configuration LVM over Hardware HBACreating Storage Repositories Creating a Shared NFS SR NFS VDI Types Upgrading LVM Storage from XenServer 5.0 or EarlierLVM Performance Considerations Probing an SR Creating a Raw Virtual Disk Using the xe CLIConverting Between VDI Formats Following parameters can be probed for each SR type Page To enable storage multipathing using the xe CLI Storage Multipathing Managing Storage Repositories MPP Rdac Driver Support for LSI ArraysDestroying or Forgetting a SR Introducing an SR Resizing an SR Converting Local Fibre Channel SRs to Shared SRs Adjusting the Disk IO Scheduler Moving Virtual Disk Images VDIs Between SRsCopying All of a VMs VDIs to a Different SR Copying Individual VDIs to a Different SR Automatically Reclaiming Space When Deleting Snapshots Reclaiming Space Using the Off Line Coalesce Tool Virtual Disk QoS Settings Possible values of qosalgorithmparamsched arePage What is Dynamic Memory Control DMC? Concept of Dynamic Range How Does DMC Work? Concept of Static RangeDMC Behaviour Operating System Supported Memory Limits Memory ConstraintsSupported Operating Systems Xe CLI Commands Display the Static Memory Properties of a VM Display the Dynamic Memory Properties of a VM Updating Memory Properties Workload Balancing Interaction Upgrade IssuesUpdate Individual Memory Properties Setting Control Domain Memory Name Default Description Name Default Description VSwitch Networks Networking Support XenServer Networking Overview Network Objects NIC Bonds NetworksVLANs Page Switch Configuration Active-Active Bonding Active-Passive Bonding Cross-Server Private networks Managing Networking ConfigurationInitial Networking Configuration Creating Networks in a Standalone Server To add a new network using the CLI To connect a network to an external Vlan using the CLICreating Networks in Resource Pools Creating VLANs Controlling the MAC Address of the Bond Creating a NIC bondBonding two NICs Adding NIC bonds to new resource pools Creating NIC bonds in resource poolsReverting NIC bonds Adding NIC bonds to an existing pool Configuring a dedicated storage NICTo assign NIC functions using the xe CLI Assigning a SR-IOV NIC VF to a VM Using SR-IOV Enabled NICsControlling the rate of outgoing data QoS Changing networking configuration options Networking Stack Configuration Methods Available Changing IP address configuration for a standalone host Changing IP address configuration in resource poolsHostname DNS servers Networking Troubleshooting Disabling management accessPrimary management interface Adding a new physical NIC Recovering from a bad network configuration Diagnosing network corruption Disaster Recovery and Backup Understanding XenServer DR DR Infrastructure Requirements Enabling Disaster Recovery in XenCenter Steps to Take After a RecoveryDeployment Considerations Steps to Take Before a Disaster Recovering VMs and vApps in the Event of Disaster Failover Recovery Wizard Test Failover VApps Using the Manage vApps dialog box in XenCenter Backing Up and Restoring XenServer Hosts and VMsCreating vApps Value Description To backup pool metadata To backup host configuration and softwareTo backup a VM To backup VM metadata only Backing up XenServer hosts Backing up single host installationsBacking up pooled installations To restore a running XenServer host Backing up VMsTo back up a XenServer host Restarting a crashed XenServer host VM Snapshots Regular SnapshotsQuiesced Snapshots Snapshots with memory To list the snapshots on a particular VM Creating a snapshot with memoryTo list all of the snapshots on a XenServer pool Restoring a VM to its previous state Deleting a snapshot Exporting a snapshot to a template Snapshot TemplatesCreating a template from a snapshot Advanced Notes for Quiesced Snapshots Naming convention for VM archive folders VM Protection and RecoveryCoping with machine failures Master failures Opt/xensource/sm/resetvdis.py hostUUID Sruuid masterMember failures Physical Machine failure Coping with Failure due to Configuration ErrorsPool failures To restore a pool with all hosts failed To restore a VM when VM storage is not available Alerts Alert Description Customizing Alerts Valid VM Elements Configuring Email Alerts Valid Host Elements Custom Fields and Tags Custom SearchesDetermining throughput of physical bus adapters To determine PBD throughput To write logs to a remote server XenServer host logsSending host log messages to a central server XenCenter logs Userprofile%\AppData\Citrix\XenCenter\logs\XenCenter.log Xe command-name argument=value argument=value Basic xe Syntax Class-list Command TypesSpecial Characters and Syntax Parameter Types Class-param-list uuid=uuid Low-level Parameter CommandsLow-level List Commands Xe Command Reference Appliance CommandsAppliance-assert-can-be-recovered Appliance Parameters Audit Commands Bonding Commands CD Commands Cd-list Cd-listparams=param1,param2,... parameter=parametervalue Console Commands Disaster Recovery DR CommandsConsole Parameters Drtask-create Vm-assert-can-be-recovered Vm-recoverSr-enable-database-replication Sr-disable-database-replication Class name Description Event CommandsEvent Classes GPU Commands Event-wait GPU Group Parameters Host Commands Vgpu-createVgpu-destroy Host Selectors Host Parameters Syslogdestination Yyyymmdd-hhmmss-ABC, where ABC is Host-backup Host-disableHost-bugreport-upload Host-crashdump-destroy Host-emergency-management-reconfigure Host-enableHost-evacuate Host-forget Host-get-system-status-capabilities Attribute Description Host-management-disable Host-is-in-emergency-modeHost-apply-edition Host-license-add Host-management-reconfigure Host-power-onHost-get-cpu-features Host-set-cpu-features Host-restore Host-syslog-reconfigureHost-set-hostname-live Host-shutdown Host-data-source-list Host-data-source-recordHost-data-source-forget Host-data-source-query Log Commands Message CommandsLog-set-output Message Parameters Network Commands Message-destroyMessage-list Network Parameters Patch Update Commands Network-createNetwork-destroy Patch Parameters PBD Commands PIF Commands Pbd-createPbd-destroy Pbd-plug PIF Parameters MAC Full or half Pif-reconfigure-ip Pif-forgetPif-introduce Pif-plug Pool Commands Pif-scanPif-unplug Pool Parameters Pool-designate-new-master Pool-dump-database Pool-emergency-reset-master Pool-ha-enablePool-ha-disable Pool-recover-slaves Storage Manager Commands SR CommandsSM Parameters SR Parameters Sr-create User Sr-destroy Sr-forgetSr-introduce Sr-probe Task Commands Task Parameters Template Commands Task-cancelTask-cancel uuid=taskuuid Template Parameters For memory-dynamic-max Uuid=templateuuid \ Order or an Order Not YyyymmddThhmmss As not in database for Update Commands Template-export User Commands VBD CommandsUpdate-upload User-password-change Vbd-create Vbd-createvm-uuid=uuidofthevmdevice=devicevalue VDI Commands VDI Parameters VDI Vdi-clone Vdi-copyVdi-create Local/domain/0/backend Vdi-destroy Vdi-forgetVdi-import Vdi-introduce VIF Commands Vdi-snapshotVdi-unlock VIF Parameters Disable 165 Vlan Commands Vif-createVif-destroy Vif-plug VM Commands Parameter Name Description Type Uuid=vmuuid \ Order Value pair autopoweron true Vcpu-hotplug command Domain/domid/vm Vm-cd-add Vm-cd-ejectVm-cd-insert Vm-cd-list Vm-clone Vm-compute-maximum-memoryVm-copy Vm-crashdump-list Vm-data-source-list Vm-data-source-recordVm-data-source-forget Vm-data-source-query Vm-destroy Vm-disk-addVm-disk-list Vm-disk-remove Vm-install Vm-import Vm-reboot Vm-reset-powerstateVm-memory-shadow-multiplier-set Vm-migrate Vm-resume Vm-shutdownVm-start Vm-suspend Workload Balancing XE Commands Pool-retrieve-wlb-diagnostics Pool-certificate-installHost-retrieve-wlb-evacuate-recommendations Vm-retrieve-wlb-recommendations Pool-deconfigure-wlb Pool-retrieve-wlb-configurationPool-retrieve-wlb-recommendations Pool-retrieve-wlb-report Pool-send-wlb-configuration 185 Service Commands Modifying the Workload Balancing configuration options Editing the Workload Balancing configuration fileTo run the wlbconfig command To edit the wlb.conf file Increasing the Detail in the Workload Balancing Log Logging Trace Flag Benefit or Purpose Option Logging Trace Flag Benefit or Purpose Option