Acl setting not clear, how to
-
Hi
I'm trying to understand Acl, but can't find out how this effectly works.
I got 2 local users.
admin, can do everything
guest, limited action.i want guest user to only create/run/manage his VM on the existing pool.
i don't want him to change setting, disconnect SR/network, only create/run/manage HIS vm, not others.how can i archive that ?
if i make guest admin on the pool, he can do almost everything
if i make it operator, he can stop/launch, but not create VM.i dont really understand how acl works, any official doc or else ?
-
@Chico008 You'll need to use the "Self Service" options to create a set of permissions that allows your "guest" user to be able to create VMs on the pool.
ACL's are applied separately.
I personally think the permissions configuration needs some serious work, and it seems like the Self Service configuration is the way to go, albeit this is only available in the higher tiers of XOA or XO (Community Edition or from source).
-
@DustinB
just tried, it's indeed way better than i thought using self-service
thanks
-
ACLs are used to assign rights to the guest users. As you said you have an admin who can do anything. In case you want to go with acl then your guest can get no leverage by using ACL
create vm
You as an admin will create VMs and manage other stuff but you then have ability to give three type of rights to the guest user.
admin, operator, viewer
In case of VMs when you give the admin right to a user then it means that user can have ability to anything with that VM.
Delete, Reboot, etc
But from you query you said that you want to give a right to guest user to
create/run the vms
to achieve this you have to look Self Service feature which is supported in XO from sources and in Premium XOA
In self service you have ability to create resource sets which are pools, storage, networks, templates etc, and assign a user or group to it.