| Role permissions | Pool Admin | Pool Operator | VM Power Admin | VM Admin | VM Operator | Read Only |
|---|---|---|---|---|---|---|
| Connect to pool and read all pool metadata | X | X | X | X | X | X |
Definitions of Permissions

The following table provides additional details about permissions:
Table 2. Definitions of permissions
| Permission | Allows Assignee To | Rationale/Comments |
|---|---|---|
| Assign/modify roles | • Add/remove users • Add/remove roles from users • Enable and disable Active Directory integration (being joined to the domain) | This permission lets the user grant himself or herself any permission or perform any task. Warning: This role lets the user disable the Active Directory integration and all subjects added from Active Directory. |
| Log in to server consoles | • Server console access through ssh • Server console access through XenCenter | Warning: With access to a root shell, the assignee could arbitrarily reconfigure the entire system, including RBAC. |
| Server backup/restore VM create/destroy operations | • Back up and restore servers • Back up and restore pool metadata | The ability to restore a backup lets the assignee revert RBAC configuration changes. |
| Import/export OVF/OVA packages and disk images | • Import OVF and OVA packages • Import disk images • Export VMs as OVF/OVA packages | |
| Log out active user connections | • Ability to disconnect logged in users | |
| Create/dismiss alerts | | Warning: A user with this permission can dismiss alerts for the entire pool. Note: The ability to view alerts is part of the Connect to Pool and read all pool metadata permission. |
| Cancel task of any user | • Cancel any user's running task | This permission lets the user request XenServer cancel an in-progress task initiated by any user. |