|
|
|
|
As the Virtuozzo datacenter administrator, you can use the credentials of the (
) root/(
)Administrator user having a full administrative access to the Hardware Nodes to manage these Nodes and all their Containers by means of Parallels Infrastructure Manager. However, you may want to grant the rights to other users to perform certain operations on a Hardware Node and/or its Containers. For example, you can allow some user to manage certain Containers only without having access to the remaining Containers on the Node and/or to the Node itself or to complete only a restricted set of tasks in the Container context (e.g. start, stop, and restart a Container without having the right to back up this Container or configure its resources).
To achieve this goal, a well-balanced user authentication and authorization strategy has been implemented in Virtuozzo 4.0. This strategy is based on the following main components:
The relationship among these components is described as follows. Users are objects characterized by the roles delegated to them in a certain scope. Users can be members of groups. Users and groups can be retrieved either from local databases or from databases on external computers in your network. The information on these databases is stored on the Node in the form of authentication databases. Roles are sets of abstract privileges that can be assigned to a user or a group to form a permission. Permissions enable users or groups to perform certain operations in different scopes, which can be represented by one of the following entities:
Parallels Infrastructure Manager allows you to manage any of the aforementioned components in the following way:
Detailed information on how to perform these operations is given in the following subsections.
