Configuring Role Parameters

The Manage Role page allows you to configure the parameters of any roles existing in Parallels Infrastructure Manager. To display this page, follow the Security link on the Infrastructure Manager menu, click the Roles tab on the Security screen, and then click the name of the role you wish to edit in the Roles table.

Notes: 1. To edit a role, you need to have your own permission to do so.

2. You cannot modify or rename the built-in roles. If you want to have a modified built-in role, you should clone this role first and then change its parameters.

In this window you can configure the following parameters of a role:

The General Parameters group of parameters allows you to change the name and description of the role by typing the desired information in the fields provided.
The Privileges and Included Roles groups of parameters enable you to modify the role privileges:
- Browse thru the hierarchy of available privileges under the Privileges group and select or clear the check boxes of those privileges that you wish to include in the role or to exclude from the role, respectively.
- Expand the Included Roles group and use the >> and << buttons to include/exclude any of the existing roles to the role you are editing, respectively.

When setting up Virtuozzo Containers roles, you should have a clear idea about the scope where these roles will be assigned to users/groups to form permissions. Thus, it is necessary to know in what scope this or that privilege can be applied and what exactly is implied by the privilege. E.g. it bears little sense to include the "Log in to Infrastructure Manager" privilege in the role intended for Container administrators and, therefore, used in the Container scope only.

The table below describes all the available privileges and indicates the scopes where they can be used:

Privilege	G	U	N	C	Description
Full Control	+	+	+	+	Provide the user with full control over the given scope.
Control Panels	+	+	+	+	Allow the user to log in to various control panels on the given scope.
Log in to Parallels Infrastructure Manager	+	-	-	-	Allow the user to log in to Parallels Infrastructure Manager.
Log in to Parallels Power Panel	+	+	+	+	Allow the user to log in to Parallels Power Panel for any Container included in the given scope.
Log in to Container terminal	+	+	+	+	Allow the user to log in to any Container included in the given scope via SSH or RDP.
Log in to Plesk	+	+	+	+	Allow the user to log in to the Plesk control panel for any Container included in the given scope.
Log in to Sitebuilder	+	+	+	+	Allow the user to log in to the Sitebuilder control panel for any Container included in the given scope.
Log in to Confixx	+	+	+	+	Allow the user to log in to the Confixx control panel for any Container included in the given scope.
Log in via SOAP	+	+	+	+	Allow the user to log in to the Node using the SOAP API (Application Programming Interface).
Container Management	+	+	+	+	Provide the user with all the various Container management permissions enumerated below.
New Container	+	+	+	+	Allow the user to create a new Container using the various methods enumerated below. In a non-global scope, this privilege only allows to clone an existing Container.
Create Container	+	-	-	-	Allow the user to create a new Container.
Clone Container	+	+	+	+	Allow the user to clone any Container included in the given scope.
Migrate physical server to Container	+	-	-	-	Allow the user to create a new Container on the basis of an existing physical server.
View Container properties	+	+	+	+	Allow the user to view the properties of any Container included in the given scope and to have the corresponding Container displayed in the lists of Containers. Note: This privilege is necessary for all the other Container Management privileges to work.
View extended resources	+	+	+	+	Allow the user to view the resources consumption and configuration on any Container included in the given scope.
Operate Container	+	+	+	+	Allow the user to start, stop, suspend, resume, and migrate any Container included in the given scope.
Start and stop Container	+	+	+	+	Allow the user to start and stop any Container included in the given scope.
Migrate Container	+	+	+	+	Allow the user to migrate any Container included in the given scope to another Hardware Node registered in Infrastructure Manager, provided the user has the privilege to access the Destination Node.
Configure Container	+	+	+	+	Allow the user to set up the various Container settings enumerated below.
Configure Container general settings	+	+	+	+	Allow the user to configure the general settings of any Container in the given scope: name and description, offline management, networking, and resources.
Manage applications	+	+	+	+	Allow the user to manage the software packages inside any Container in the given scope.
Manage devices	+	+	+	+	Allow the user to mount and unmount disk volumes in any Container in the given scope.
Maintenance	+	+	+	+	Allow the user to enter the repair mode for any Container included in the given scope.
Repair Container	+	+	+	+	Allow the user to enter the repair mode for any Container included in the given scope.
Backups Management	+	+	+	+	Allow the user to manage the backups of any Container included in the given scope.
List Container backups	+	+	+	+	Allow the user to view the backups of any Container included in the given scope.
Back up Container	+	+	+	+	Allow the user to back up any Container included in the given scope.
Restore Container	+	+	+	+	Allow the user to restore the backup of any Container included in the given scope.
Remove Container backups	+	+	+	+	Allow the user to delete the backups of any Container included in the given scope.
Manage files and services	+	+	+	+	Allow the user to manage the files and services in any Container included in the given scope.
Delete Container	+	+	+	+	Allow the user to delete any Container included in the given scope.
Node Management	+	+	+	-	Provide the user with all the various Node management permissions enumerated below.
View Node properties	+	+	+	-	Allow the user to view the properties of any Hardware Node included in the given scope and to have the corresponding Node displayed in the lists of Hardware Nodes. Note: This privilege is necessary for all the other Node Management privileges to work.
Configure Node	+	+	+	-	Allow the user to configure the email gateway, network settings, and application templates for any Hardware Node included in the given scope.
Configure email and notifications	+	+	+	-	Allow the user to configure the email gateway for any Hardware Node included in the given scope.
Configure network	+	+	+	-	Allow the user to configure the network settings for any Hardware Node included in the given scope: traffic accounting and shaping, proxy settings, network interfaces. Note: To allow the user to configure the proxy server settings, you should additionally enable the Configure email and notifications privilege.
Manage Templates	+	+	+	-	Allow the user to perform all the available operations on the application templates for any Hardware Node included in the given scope.
Backups Administration	+	+	+	-	Allow the user to administer any Node included in the given scope as a Backup Node.
Configure backups	+	+	+	-	Allow the user to configure the way of storing backups for any Hardware Node included in the given scope.
List backups	+	+	+	-	Allow the user to view the backups stored on any Hardware Node included in the given scope.
Store backups	+	+	+	-	Allow the user to place Container backups on any Hardware Node included in the given scope.
Remove backups	+	+	+	-	Allow the user to delete the Container backups from any Hardware Node included in the given scope.
Update System	+	+	+	-	Allow the user to configure the update repository settings for any Hardware Node included in the given scope.
Reboot	+	+	+	-	Allow the user to reboot any Hardware Node included in the given scope.
Logical Structure	+	+	-	-	Provide the user with all the possible privileges to build up the logical structure of the Virtuozzo datacenter.
List units	+	+	-	-	In the unit scope, allows the user to view the corresponding logical unit on the left Infrastructure Manager menu and view its contents. In the global scope, allows the user to view all logical units and their contents.
Manage Containers and Hardware Nodes in unit	+	+	-	-	Allow the user to manage the Hardware Nodes and Containers in any logical unit included in the given scope. Unlike the Administer unit privilege, this privilege does not allow the user to remove logical units.
Administer unit	+	+	-	-	Allow the user to manage the Hardware Nodes and Containers in any logical unit included in the given scope and remove the corresponding unit.
Manage sub-units	+	+	-	-	Allow the user to add sub-units to any logical unit included in the given scope and to remove sub-units from it.
Infrastructure	+	-	-	-	Provide the user with all the possible privileges to set up the Virtuozzo datacenter infrastructure.
Manage Virtuozzo Group	+	-	-	-	Allow the user to manage the whole Infrastructure Manager system of Hardware Nodes and Containers: view them, register and unregister Hardware Nodes, etc. Warning! This privilege should be included in the role intended for Virtuozzo administrators only.
Manage IP addresses pools	+	-	-	-	Allow the user to perform all the available operations on IP addresses pools.
Manage virtual networks	+	-	-	-	Allow the user to create, edit, and delete Virtuozzo virtual networks, as well as set up bridged networking on Hardware Nodes. Note: This kind of privilege is normally granted to a single person, so included in one role only.
Manage licenses	+	-	-	-	Allow the user to install and remove Virtuozzo licenses. Note: This kind of privilege is normally granted to a single person, so included in one role only.
Manage Container samples	+	-	-	-	Allow the user to perform all the available operations on Container configuration samples.
Set up messaging	+	-	-	-	Allow the user to configure the email messaging system.
Workflow	+	+	+	+	Provide the user with a set of privileges related to Container requesting and troubleshooting enumerated below.
Request new Container	+	-	-	-	Allow the user to submit a request for a new Container for themselves. Note: If Container requesting is enabled in Infrastructure Manager, it is natural to include this privilege in every role.
Process Container requests	+	-	-	-	Allow the user to fulfil or cancel the requests for new Containers. Note: This kind of privilege is normally granted to a single person, so included in one role only.
Troubleshooting	+	+	+	+	In the Container scope, allow the user to reinstall the Container. In the Hardware Node and unit scope, additionally allow the user to establish a support channel on any Node included in the given scope. In the global scope, additionally allow the user to report a problem and see the descriptions of Infrastructure Manager error codes.
Security	+	+	+	+	Allow the user to manage the Infrastructure Manager security policy. Warning! This privilege should be included in the role intended for Virtuozzo administrators only.
Manage users and groups	+	+	+	+	Allow the user to change the administrative password of any Container included in the given scope or set the administrative password during its reinstallation.
Manage roles	+	-	-	-	Allow the user to create, modify, and delete roles and create permissions on their basis in any scope. Warning! This privilege should be included in the role intended for Virtuozzo administrators only.
Manage authentication databases	+	-	-	-	Allow the user to register, configure, and unregister authentication databases in Parallels Infrastructure Manager.
Log Operations	+	+	+	+	Allow the user to view the logs and cancel the running tasks relevant to the given scope.
View logs	+	+	+	+	Allow the user to view the tasks logs, alerts, and events related to any Container included in the given scope.
Cancel running tasks	+	+	+	+	Allow the user to cancel the tasks initiated for any Container included in the given scope.

The table indicates whether using a particular privilege makes sense in each of the 4 available scopes:

G - the G lobal scope;
U - the scope of a single logical or infrastructure U nit;
N - the scope of a single Hardware N ode;
C - the scope of a single C ontainer.

After you have configured the role parameters, click the Submit button for the changed to take effect.

Please send us your feedback on this help page