Friday, November 22, 2024
Google search engine
HomeGuest BlogsList of oVirt/RHEV User Roles and its Permissions

List of oVirt/RHEV User Roles and its Permissions

oVirt / Red Hat Virtualization environment has a variety of preconfigured roles. Users in the internal or external domain can
be assigned multiple roles at multiple levels in the oVirt/RHEV hierarchy. The roles listed in this article can be used to better manage user access and to delegate administrative authority in Virtualization environment. This enables you to limit access to admin@internal account while being able to properly track and manage users for compliance.

These roles that comes with the virtualization platform can be categorized in to two types of roles:

1. Administrative roles

Users with Administrative roles can access the Administration Portal and perform operations from there. By assigning less comprehensive roles to appropriate users, you’ll be able to offload administrative tasks.

SuperUser Role

  • A user assigned this role has full permissions across all objects and levels in your oVirt/RHEV environment
  • This role is assigned to admin@internal automatically
  • This role is fit for engineers with the responsibility of managing the Virtualization environment

ClusterAdmin

  • A user assigned this role will have administrative permissions for all resources in a specific cluster.
  • Fit for cluster administrators for specific clusters.
  • Users with this role assigned to one or more clusters are able to administer these clusters and their resources
  • User with this role can administer, but cannot create new clusters.

DataCenterAdmin

  • A user with this role has administrative permissions across all objects in a specific data center, except for storage
  • Meant for data center administrators for specific data centers
  • Users with this role cannot manage storage resources in data center, this is managed by a StorageAdmin.

StorageAdmin

  • Contains all permissions required by a storage administrator
  • A user assigned this role can create, delete, and manage assigned storage domains

NetworkAdmin

  • Contain permissions required by a network administrator
  • A user is assigned this role can create, edit, and remove the networks of an assigned data center or cluster

VmImporterExporter

  • This role represents the permissions of an import and export administrator
  • Users with this role can import and export virtual machines

TemplateAdmin

  • It represents permissions required by a virtual machine template administrator
  • Users with this role can create, configure, and delete storage domains and network details of templates

HostAdmin

  • Contain permissions for a host administrator
  • Enable users to attach, configure, remove, and manage a host

GlusterAdmin

  • Permissions required for a Gluster Storage administrator
  • Users assigned this role can create, remove, and manage Gluster storage volumes.

2. User roles

Users assigned user roles have access to the VM Portal. Roles that fall in this category are:

PowerUserRole

  • A user assigned this role can create and manage virtual machines and templates at their assigned level, e.g within data center scope.
  • This role allows users to self-service their own virtual machines
  • A user will not be able to see virtual machines created by other users, unless at least UserRole is assigned on those machines

UserRole

  • With this role, a user can log in to the VM Portal – to see the virtual machine, start or stop that machine.
  • Users with this role cannot create new virtual machines, or edit or delete existing ones.

UserVmManager

  • Users with this role can manage virtual machines, create and use snapshots for the VMs they are assigned
  • Basically a user have full control of the virtual machine in VM Portal
  • A user is automatically assigned this role on a new virtual machine that user creates using the VM Portal

VmCreator

  • This role gives the user permission to create virtual machines using the User Portal.
  • Users assigned this role are able to create virtual machines from VM Portal

TemplateCreator

  • This role enables users to create, edit, manage, and remove templates

DiskOperator

  • This role gives the user privileges to manage virtual disks – use, view, and edit virtual disks

UserTemplateBasedVm

  • It gives the user limited privileges to use only the virtual machine templates – create virtual machines based on templates

DiskCreator

  • This roles enable users assigned it to create, edit, manage, and remove virtual disks within the assigned part of the environment

TemplateOwner

  • This role gives the user privileges to edit and remove templates

VnicProfileUser

  • This role gives the user permission to attach or detach network interfaces from logical networks

Conclusion

These default roles cannot be changed or removed, but it is possible to clone them for customization. More information is available in the oVirt / RHEV administration documentation pages on how to clone and customize default roles, or create entirely new roles.

Other guides on oVirt / RHEV administration:

RELATED ARTICLES

Most Popular

Recent Comments