This section explains roles.
For details on how to configure roles and access scopes for users and user groups, refer to "Chapter 3 Configuring Users and Customizing Roles" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".
By specifying a combination of role and access scope for the target user or user group, the access privileges are restricted. The access scope is restricted by specifying resource folders, resource pools, or resources in the orchestration tree.
Among the users with the infrastructure admin role, those users who have had their scope of access limited can only refer to certain resources. For this reason, only an orchestration tree can be used among the trees of a resource tab. Switchover to other trees is not possible.
For details on trees, refer to "A.1 ROR Console" in the "User's Guide for Infrastructure Administrators (Resource Management) CE".
Note
Specify "all" (no access scope restriction) for the access scope of the administrator role, operator role, monitor role, infrastructure administrator role, and infrastructure operator role.
Target | Operation | infra_admin | infra_operator | tenant_admin | tenant_operator | tenant_monitor | tenant_user | administrator | operator | monitor |
|---|---|---|---|---|---|---|---|---|---|---|
L-Platform | Subscribe | No | No | Yes | No | No | Yes | Yes | No | No |
Reconfiguration | No | No | Yes | No | No | Yes | Yes | No | No | |
Movement | Yes | No | No | No | No | No | Yes | No | No | |
Cancel | No | No | Yes | No | No | Yes | Yes | No | No | |
Starting the server | No | No | Yes | Yes | No | Yes | Yes | Yes | No | |
Stopping the server | No | No | Yes | Yes | No | Yes | Yes | Yes | No | |
Snapshot and backup | No | No | Yes | Yes | No | Yes | Yes | Yes | No | |
Restore snapshot and backup | No | No | Yes | Yes | No | Yes | Yes | Yes | No | |
Delete snapshot and backup | No | No | Yes | Yes | No | Yes | Yes | Yes | No | |
Image Collection | No | No | Yes | Yes | No | No | Yes | Yes | No | |
Setup FW and SLB | No | No | Yes | No | No | Yes | Yes | No | No | |
Display event logs | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Viewing | Yes | Yes | Yes | Yes | Yes | Yes (*8) | Yes | Yes | Yes | |
Viewing ([Resource] tab) | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
System Conditions | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
Capacity Planning | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | |
FW, SLB Operations | No | No | Yes | Yes | Yes (*1) | Yes | Yes | Yes | Yes (*1) | |
Migration ([Resource] tab) | No | No | No | No | No | No | Yes | No | No | |
L-Platform Templates | Create new templates | Yes | No | No | No | No | No | Yes | No | No |
Copying/Modification/Deletion/Display modification (*6) | Yes | No | Yes | No | No | No | Yes | No | No | |
Viewing | Yes | Yes (*2) | Yes | No | No | No | Yes | Yes (*2) | Yes (*2) | |
L-Platform Templates | Creation/Copying/ Modification/Deletion | Yes | No | Yes | No | No | No | Yes | No | No |
Viewing | Yes | Yes (*2) | Yes | No | No | No | Yes | Yes (*2) | Yes (*2) | |
L-Platform Templates | Creation/Copying/ Modification/Deletion/ Display modification | Yes | No | Yes | No | No | No | Yes | No | No |
Viewing | Yes | Yes (*2) | Yes | No | No | No | Yes | Yes (*2) | Yes (*2) | |
L-Platform Templates | Creation/Modification/Deletion | Yes | No | Yes | No | No | No | Yes | No | No |
Viewing | Yes | Yes (*2) | Yes | No | No | No | Yes | Yes (*2) | Yes (*2) | |
Tenant | Creation/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Usage Charges | Search by tenant | Yes | No | No | No | No | No | Yes | No | No |
Search by L-Platform | Yes | No | Yes | No | No | No | Yes | No | No | |
Application Process | Approval (*3) | No | No | Yes | No | No | No | Yes | No | No |
Evaluation | Yes | No | No | No | No | No | Yes | No | No | |
L-Server | Creation | No | No | No (*7) | No | No | No (*7) | Yes | No | No |
Configuration changes/Movement | No | No | No (*7) | No | No | No (*7) | Yes | No | No | |
Deletion | No | No | No (*7) | No | No | No (*7) | Yes | No | No | |
Modify attributes/Console screen | No | No | No (*7) | No (*7) | No | No (*7) | Yes | Yes | No | |
Starting an L-Server | No | No | No (*7) | No (*7) | No | No (*7) | Yes | Yes | No | |
Stopping an L-Server | No | No | No (*7) | No (*7) | No | No (*7) | Yes | Yes | No | |
Collecting cloning images | No | No | No (*7) | No (*7) | No | No | Yes | Yes | No | |
Backup/Snapshot | No | No | No (*7) | No (*7) | No | No (*7) | Yes | Yes | No | |
Restore backup and snapshot | No | No | No (*7) | No (*7) | No | No (*7) | Yes | Yes | No | |
Delete backup and snapshot | No | No | No (*7) | No (*7) | No | No (*7) | Yes | Yes | No | |
Viewing | Yes | Yes | No (*7) | No (*7) | No (*7) | No (*7) | Yes | Yes | Yes | |
Maintenance of L-Servers | Migration/Conversion/Reversion | Yes | No | No | No | No | No | Yes | No | No |
L-Server Templates | Import/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Export | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
L-Server for infrastructure administrators | Creation | Yes | No | No | No | No | No | No | No | No |
Configuration changes/Movement | Yes | No | No | No | No | No | Yes | No | No | |
Deletion | Yes | No | No | No | No | No | Yes | No | No | |
Modify attributes/Console screen | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Starting an L-Server | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Stopping an L-Server | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Collecting cloning images | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Backup/Snapshot | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Restore backup and snapshot | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Delete backup and snapshot | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Maintenance of the L-Server for the infrastructure administrator | Migration | Yes | No | No | No | No | No | Yes | No | No |
Resource pools | Creation/Modification/Movement/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Resource registration/deletion (*4) | Yes | No | No | No | No | No | Yes | No | No | |
Migration of resources between resource pools | Yes | No | No | No | No | No | Yes | No | No | |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Pool Conditions | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | |
Capacity Planning | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | |
Physical server | Registration/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Power control (*5) | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Console Screen Acquisition | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Maintenance Mode Settings | Yes | No | No | No | No | No | Yes | No | No | |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
System Conditions | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
VM Hosts | Registration/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Power Operations | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Maintenance Mode Settings | Yes | No | No | No | No | No | Yes | No | No | |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
System Conditions | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Capacity Planning | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Image | Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Storage Management Software | Registration/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
VDI Management Software | Registration/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Chassis | Registration/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Power Operations | Yes | Yes | No | No | No | No | Yes | Yes | No | |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Network | Creation/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Network devices | Registration/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Management of Device Configuration Files | Yes | No | No | No | No | No | Yes | No | No | |
Server NIC Definitions | Reflect/Display | Yes | No | No | No | No | No | Yes | No | No |
Network Configuration Information | Import/Export | Yes | No | No | No | No | No | Yes | No | No |
External servers | Viewing | Yes | No | No | No | No | No | Yes | No | No |
Disk/Address/Power Monitoring Device | Registration/Modification/Deletion (*4) | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Pre-configuration | Import/Export | Yes | No | No | No | No | No | Yes | No | No |
Download of Templates | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Resource Folders | Creation/Modification/Movement/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes | |
Users | Modification of individual information | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Addition/Modification/Deletion of users in the user group the user belongs to | Yes | No | Yes | No | No | No | Yes | No | No | |
Addition/Modification/Deletion of users in other user groups | Yes | No | No | No | No | No | Yes | No | No | |
Viewing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |
User Groups | Creation/Modification/Deletion | Yes | No | No | No | No | No | Yes | No | No |
Viewing | Yes | Yes | No | No | No | No | Yes | Yes | Yes |
Yes: Can operate
No: Cannot operate
FW: Firewall
SLB: Server load balancer
*1: Tenant monitors and monitors can use rulesets for operations that the infrastructure administrator has prepared for displaying information of network devices.
*2: Information about L-Platform templates can only be obtained using the L-Platform API.
*3: Dual-role administrators approve L-Platform applications submitted by dual-role administrators. Tenant administrators approve L-Platform applications submitted by tenant users or other tenant administrators.
*4: Users whose access scopes are not restricted should perform resource registration.
*5: The power operations are also available from BladeViewer.
*6: Tenant administrators can change and delete only the data that the user copied.
*7: The L-Server cannot be operated directly, as the [Resource] tab is not displayed for the tenant management role or the tenant user role. However, the definition does include the privileges to operate the L-Platform.
*8: It is possible to prevent tenant users from being able to refer to the initial password of the administrator of servers inside an L-Platform. For details on how to configure the settings, refer to "9.15 Display Settings for Initial Passwords [Windows Manager]" in the "Setup Guide CE".
Note
Operate resources registered in a resource pool, by selecting the resource in the resource pool after selection from the orchestration tree. To operate resources which are not registered in resource pool or resources which are unable to be registered, use a user with full operation access scope.
