Users, Roles, and Permissions
In Oracle Linux Virtualization Manager, there are two types of user domains: local domain and external domain. During the installation of the Manager, a default local domain called the internal domain is created with a default admin@internal user. This account is intended for use when initially configuring the environment and for troubleshooting.
You can create additional users on the internal domain using the ovirt-aaa-jdbc-tool command-line utility. For more information about creating users, see Administering User and Group Accounts from the Command Line in the Oracle Linux Virtualization Manager: Administration Guide.
User properties consist of the roles and permissions assigned to a user. The security roles for all actions and objects in the platform are granular, inheritable, and provide for multi-level administration.
Roles are sets of permissions defined in the Administration Portal and are used to specify permissions to resources in the environment. There are two types of roles:
- Administrator Role - Conveys management permissions of physical and virtual resources through the Administration Portal. Examples of roles within this group are SuperUser, ClusterAdmin and DataCenterAdmin.
- User Role - Conveys permissions for managing and accessing virtual machines and templates through the VM Portal by filtering what is visible to a user. Roles can be assigned to the users for individual resources, or levels of objects. Examples of roles within this group are UserRole, PowerUserRole and UserVmManager.
It is possible to create new roles with specific permissions applicable to a user's role within the environment. It is also possible to remove specific permissions to a resource from a role assigned to a specific user.
You can also use an external directory server to provide user account and authentication services. You can use Active Directory, OpenLDAP, and 389ds. Use the ovirt-engine-extension-aaa-ldap-setup command to configure the connection to these directories.
Note: After you have attached an external directory server, added the directory users, and assigned them appropriate roles and permissions, the admin@internal user can be disabled if it is not required. For more information, see Disabling User Accounts in the Oracle Linux Virtualization Manager: Administration Guide.
For more information on users, roles, and permissions, see Global Configuration in the Oracle Linux Virtualization Manager: Administration Guide.
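The internal-domain account steps described above (creating a named local user and disabling admin@internal), as an added example that is not taken from the Oracle documentation. The helper names (run, valid_name, add_local_user, set_password, set_disabled) and the DRY_RUN switch are hypothetical; the script assumes it is run as root on the Manager host, and it prints commands instead of executing them unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example: wrappers around ovirt-aaa-jdbc-tool for the internal domain.
# DRY_RUN=1 (default) prints each command instead of running it.
DRY_RUN="${DRY_RUN:-1}"
TOOL="ovirt-aaa-jdbc-tool"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Reject empty names, names that would be parsed as options, and names
# with characters outside a conservative allow-list.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Create a named local user, so actions are attributable to a person
# rather than to the shared admin account.
add_local_user() {   # usage: add_local_user <name> <first> <last>
    valid_name "$1" || { echo "invalid user name: $1" >&2; return 2; }
    run "$TOOL" user add "$1" --attribute=firstName="$2" --attribute=lastName="$3"
}

# Set the password (the tool prompts for it) with an explicit expiry.
set_password() {     # usage: set_password <name> "yyyy-MM-dd HH:mm:ssX"
    valid_name "$1" || { echo "invalid user name: $1" >&2; return 2; }
    run "$TOOL" user password-reset "$1" --password-valid-to="$2"
}

# Disable or re-enable an internal-domain account, for example "admin"
# once directory users hold the roles they need.
set_disabled() {     # usage: set_disabled <name> on|off
    valid_name "$1" || { echo "invalid user name: $1" >&2; return 2; }
    case "$2" in
        on)  run "$TOOL" user edit "$1" --flag=+disabled ;;
        off) run "$TOOL" user edit "$1" --flag=-disabled ;;
        *)   echo "expected on|off" >&2; return 2 ;;
    esac
}
```

Before calling set_disabled admin on, confirm that a directory user with an administrator role can log in to the Administration Portal; set_disabled admin off is the rollback.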