Citrix Systems 6 ユーザーズマニュアル
12
Note:
You cannot add, remove or modify roles in this version of XenServer.
Warning:
You can not assign the role of pool-admin to an AD group which has more than 500 members,
if you want users of the AD group to have SSH access.
if you want users of the AD group to have SSH access.
For a summary of the permissions available for each role and more detailed information on the operations
available for each permission, see
available for each permission, see
.
All XenServer users need to be allocated to an appropriate role. By default, all new users will be allocated to the
Pool Administrator role. It is possible for a user to be assigned to multiple roles; in that scenario, the user will
have the union of all the permissions of all their assigned roles.
Pool Administrator role. It is possible for a user to be assigned to multiple roles; in that scenario, the user will
have the union of all the permissions of all their assigned roles.
A user's role can be changed in two ways:
1. Modify the subject -> role mapping (this requires the assign/modify role permission, only available to a Pool
Administrator.)
2. Modify the user's containing group membership in Active Directory.
Definitions of RBAC Roles and Permissions
The following table summarizes which permissions are available for each role. For details on the operations
available for each permission, see Definitions of permissions.
available for each permission, see Definitions of permissions.
Table 1. Permissions available for each role
Role
permissions
permissions
Pool Admin
Pool
Operator
Operator
VM Power
Admin
Admin
VM Admin
VM Operator Read Only
Assign/
modify roles
modify roles
X
Log in to
(physical)
server
consoles
(through SSH
and
XenCenter)
(physical)
server
consoles
(through SSH
and
XenCenter)
X
Server
backup/
restore
backup/
restore
X
Import/
export OVF/
OVA
packages and
disk images
export OVF/
OVA
packages and
disk images
X
Log
out
active user
connections
connections
X
X
Create and
dismiss alerts
dismiss alerts
X
X