XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Acl setting not clear, how to

    Scheduled Pinned Locked Moved Xen Orchestra
    4 Posts 3 Posters 103 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      Chico008
      last edited by

      Hi

      I'm trying to understand Acl, but can't find out how this effectly works.

      I got 2 local users.
      admin, can do everything
      guest, limited action.

      i want guest user to only create/run/manage his VM on the existing pool.
      i don't want him to change setting, disconnect SR/network, only create/run/manage HIS vm, not others.

      how can i archive that ?

      if i make guest admin on the pool, he can do almost everything
      if i make it operator, he can stop/launch, but not create VM.

      i dont really understand how acl works, any official doc or else ?

      D I 2 Replies Last reply Reply Quote 0
      • D Offline
        DustinB @Chico008
        last edited by

        @Chico008 You'll need to use the "Self Service" options to create a set of permissions that allows your "guest" user to be able to create VMs on the pool.

        ACL's are applied separately.

        I personally think the permissions configuration needs some serious work, and it seems like the Self Service configuration is the way to go, albeit this is only available in the higher tiers of XOA or XO (Community Edition or from source).

        C 1 Reply Last reply Reply Quote 0
        • C Offline
          Chico008 @DustinB
          last edited by

          @DustinB
          just tried, it's indeed way better than i thought using self-service 🙂

          thanks

          1 Reply Last reply Reply Quote 0
          • I Offline
            irtaza9 @Chico008
            last edited by

            @Chico008

            ACLs are used to assign rights to the guest users. As you said you have an admin who can do anything. In case you want to go with acl then your guest can get no leverage by using ACL

            create vm

            You as an admin will create VMs and manage other stuff but you then have ability to give three type of rights to the guest user.

            admin, operator, viewer

            In case of VMs when you give the admin right to a user then it means that user can have ability to anything with that VM.

            Delete, Reboot, etc

            But from you query you said that you want to give a right to guest user to

            create/run the vms

            to achieve this you have to look Self Service feature which is supported in XO from sources and in Premium XOA

            In self service you have ability to create resource sets which are pools, storage, networks, templates etc, and assign a user or group to it.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post