Home privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| List enterprises within scope | ENTERPRISE_ENUMERATE | This privilege allows a user to view the list of enterprises within scope and to view statistics for those enterprises | X | | | | | |
| Allow user to switch enterprise | ENTERPRISE_ADMINISTER_ALL | This privilege allows a user to change to another enterprise, in order to administer it, by clicking the switch user button in the Enterprises list | X | | | X | | |
| Display enterprise statistics | ENTERPRISE_RESOURCE_SUMMARY_ENT | This privilege allows a user to filter statistics by enterprise to display the resources used by an enterprise in the enterprise resources panel | X | X | | X | X | |
| Display enterprise limits in statistics | ENTERPRISE_SHOW_STATS_LIMITS | This privilege allows a user to view enterprise limits in addition to resources used in the enterprise resources panel if the user has the Display enterprise statistics privilege | X | X | X | | | |
| View bills | BILLS_VIEW | This privilege allows a user to view bills and related widgets | X | | | | | |
| Manage bills | BILLS_MANAGE | This privilege allows a user to manage bills | X | | | | | |
| Display optimization dashboard tab | DASHBOARD_OPTIMIZATION_VIEW | This privilege allows a user to display the Optimization dashboard tab | X | | | | | |
| Display hybrid dashboard tab | DASHBOARD_HYBRID_VIEW | This privilege allows a user to display the hybrid Hybrid dashboard tab | X | | | | | |
| Display VM cost view widget on Hybrid dashboard tab | DASHBOARD_COST_PER_VM_VIEW | This privilege allows a user to display the Cost per VM widget | X | | | | | |
Infrastructure privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access infrastructure view and private DCs | PHYS_DC_ENUMERATE | This privilege allows a user to access the Infrastructure view and list the physical datacenters | X | | | X | | |
| Display resource usage panel | PHYS_DC_RETRIEVE_RESOURCE_USAGE | This privilege allows a user to view the resource usage panel in the Infrastructure view | X | | | X | | |
| Manage datacenter | PHYS_DC_MANAGE | This privilege allows a user to manage datacenters (add, edit and delete). Without it, the datacenter's properties will be read only | X | | | X | | |
| View datacenter details | PHYS_DC_RETRIEVE_DETAILS | This privilege allows a user to go inside a datacenter and view its details (racks, physical machines, VLANsnetworks, storage and allocation rules) | X | | | X | | |
| Manage datacenter infrastructure elements | PHYS_DC_ALLOW_MODIFY_SERVERS | This privilege allows a user to manage infrastructure elements (add, edit and delete racks and physical machines) | X | | | X | | |
| Manage network elements | PHYS_DC_ALLOW_MODIFY_NETWORK | This privilege allows a user to manage network elements (add, edit and delete public VLANsnetworks) | X | | | | | |
| Manage storage elements | PHYS_DC_ALLOW_MODIFY_STORAGE | This privilege allows a user to manage storage elements (add, edit and delete storage devices, pools, tiers and volumes) | X | | | | | |
| Manage allocation rules | PHYS_DC_ALLOW_MODIFY_ALLOCATION | This privilege allows a user to manage allocation rules (add and delete rules) | X | | | | | |
| Manage datacenter backup configuration | PHYS_DC_ALLOW_BACKUP_CONFIG | This privilege allows a user to manage backup configuration at datacenter level | X | | | X | | |
| Manage devices | MANAGE_DEVICES | This privilege allows a user to setup networking devices (Neutron) | X | | | | | |
| Manage public cloud regions | PCR_MANAGE | This privilege allows a user to manage public cloud regions (add, edit and delete). Without it, the public cloud region's properties will be read only | X | | | X | | |
| Access infrastructure view and PCRs | PCR_ENUMERATE | This privilege allows a user to access the Infrastructure view and list the public cloud regions | X | | | X | | |
| View public cloud region details | PCR_RETRIEVE_DETAILS | This privilege allows a user to go inside a public cloud region and view its details (virtual machines and hardware profiles) | X | | | X | | |
Virtual datacenters privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access virtual datacenters view | VDC_ENUMERATE | This privilege allows a user to access the Virtual Datacenters view | X | X | X | X | X | |
| Manage virtual datacenters | VDC_MANAGE | This privilege allows a user to manage virtual datacenters (add, edit and delete). Without it, the virtual datacenter details are read only | X | X | | X | | |
| Manage virtual appliances | VDC_MANAGE_VAPP | This privilege allows a user to manage virtual appliances (add, edit and delete) | X | X | X | X | | |
| Manage virtual network elements | VDC_MANAGE_NETWORK | This privilege allows a user to manage private and public VLANS networks (add, edit and delete) | X | X | | | | |
| Manage virtual storage elements | VDC_MANAGE_STORAGE | This privilege allows a user to manage storage volumes (add, edit and delete) | X | X | | | | |
| Manage floating IPs | MANAGE_FLOATINGIPS | This privilege allows a user to manage floating IPs (add and delete) | X | X | | X | | |
| Manage firewalls | MANAGE_FIREWALLS | This privilege allows a user to manage firewalls (add, edit and delete) for virtual datacenters | X | X | | X | | |
| Manage load balancers | MANAGE_LOADBALANCERS | This privilege allows a user to manage load balancers (add, edit and delete) for virtual datacenters | X | X | | X | | |
| Manage virtual storage controller | VDC_MANAGE_STORAGE_CONTROLLER | This privilege allows a user to manage the controller of storage volumes | X | X | X | X | | |
| Manage public IPs | MANAGE_PUBLICIPS | This privilege allows a user to manage public IPs for private virtual datacenters | X | X | X | | | |
| Modify allocation when attaching a disk | VDC_MANAGE_STORAGE_DISK_ALLOCATION | This privilege allows a user to modify the allocation of disks before they are deployed to the hypervisor and specify allocation when attaching a new disk and it is not possible once the VM is deployed (disk already created/copied) | X | | | | | |
| Manage NAT IPs | MANAGE_NATIPS | This privilege allows a user to manage NAT IPs for private virtual datacenters | X | X | X | | | |
| Manage VPNs | MANAGE_VPN | This privilege allows a user to manage VPNs | X | X | | X | | |
| Manage classic firewalls | MANAGE_CLASSIC_FIREWALLS | This privilege allows a user to manage classic firewalls (edit and delete) for devices | X | | | | | |
| Manage private IP reservations | MANAGE_PRIVATEIP_RESERVATION | This privilege allows a user to manage private ip reservationIP reservations | X | | | | |  |
| Manage default virtual datacenter firewall | MANAGE_DEFAULT_FIREWALL | This privilege allows a user to define a default virtual datacenter firewall | X | | | | | |
| Manage VDC default roles | VDC_MANAGE_DEFAULT_ROLE | This privilege allows a user to manage virtual datacenter roles (creation/edition) | X | | Virtual appliances privileges
| | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Edit virtual appliance details | VAPP_CUSTOMISE_SETTINGS | This privilege allows a user to edit virtual appliance details (name, CPUs, etc.), go inside virtual appliances and view their details |
| Access public network tab | VDC_VIEW_PUBLIC_NETWORK | This privilege gives the user access to public network resources in virtual infrastructure | X | X | X | X | X | |
| Manage public network elements | VDC_MANAGE_PUBLIC_NETWORK | This privilege allows a user to manage public network resources in virtual infrastructure | X | X | X | X | X | |
| Access external network tab | VDC_VIEW_EXTERNAL_NETWORK | This privilege gives the user access to external network resources in virtual infrastructure | X | X | X | X | X | |
| Deploy and undeploy virtual appliances | VAPP_DEPLOY_UNDEPLOYManage external network elements | VDC_MANAGE_EXTERNAL_NETWORK | This privilege allows a user to deploy/undeploy virtual appliancesmanage external network resources in virtual infrastructure | X | X | X | X | X | |
Virtual appliances privileges | | |
| Perform virtual machine actions | VAPP_PERFORM_ACTIONS | This privilege allows a user to perform virtual machine actions (power on/off, pause, reboot, remote access) | X | X | X | X | | |
| Manage persistent templates | VAPP_CREATE_STATEFUL | This privilege allows a user to manage persistent virtual machine templates (create in VApp; create, edit and delete in virtual datacenter) | X | X | X | X | | |
| Create instance | VAPP_CREATE_INSTANCE | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Edit virtual appliance details | VAPP_CUSTOMISE_SETTINGS | This privilege allows a user to create instance templates of a virtual machine within a virtual appliance | X | X | X | edit virtual appliance details (name, CPUs, etc.), go inside virtual appliances and view their details | X | X | X | X | | |
| Manage virtual machine hard disks | MANAGE_HARD_DISKSDeploy and undeploy virtual appliances | VAPP_DEPLOY_UNDEPLOY | This privilege allows a user to access the virtual machine hard disk tab and manage hard disks (add and delete)deploy/undeploy virtual appliances | X | X | X | X | | Manage layers |
| Perform virtual machine actions | VAPP_MANAGEPERFORM_LAYERSACTIONS | This privilege allows a user to manage anti-affinity layers in virtual appliances (create, edit and delete layersperform virtual machine actions (power on/off, pause, reboot, remote access) | X | X | X | X | | |
| Manage virtual machine backup configurationpersistent templates | VAPP_MANAGECREATE_BACKUPSTATEFUL | This privilege allows a user to access the backup configuration at virtual machine level and set the backup type and contentsmanage persistent virtual machine templates (create in VApp; create, edit and delete in virtual datacenter) | X | X | X | X | | Manage |
| virtual machine backup scheduleCreate instance | VAPP_DEFINECREATE_BACKUP_INFOINSTANCE | This privilege allows a user to specify an additional option for backup configuration by setting backup dates and timescreate instance templates of a virtual machine within a virtual appliance | X | X | X | | | |
| Manage workflow tasksWORKFLOW_OVERRIDEvirtual machine hard disks | MANAGE_HARD_DISKS | This privilege allows a user to start or cancel queued tasks if workflow is enabledaccess the virtual machine hard disk tab and manage hard disks (add and delete) | X | X | | | | Delete |
| unknown virtual machinesManage layers | VAPP_DELETEMANAGE_UNKNOWN_VMLAYERS | This privilege allows a user to delete virtual machines in unknown state | X | | | | | | Assign firewalls to virtual machines | ASSIGN_FIREWALLS | This privilege allows a user to assign already created firewalls to virtual machines | manage anti-affinity layers in virtual appliances (create, edit and delete layers) | X | X | X | | | | |
| Access persistent templates view | Manage virtual machine backup configuration | VAPP_STATEFULMANAGE_VIEWBACKUP | This privilege allows a user to access the persistent backup configuration at virtual machine templates viewlevel and set the backup type and contents | X | X | X | | | |
| Manage virtual machine backup disksschedule | VAPP_MANAGEDEFINE_BACKUP_DISKSINFO | This privilege allows a user to specify disks and disk backup types (snapshot and complete)an additional option for backup configuration by setting backup dates and times | X | X | | | | |
| Assign load balancers | ASSIGN_LOADBALANCERSManage workflow tasks | WORKFLOW_OVERRIDE | This privilege allows a user to assign load balancersstart or cancel queued tasks if workflow is enabled | X | X | | | | |
| Manage Delete unknown virtual machine metricsmachines | USERSVAPP_ENABLEDELETE_DISABLEUNKNOWN_VM_METRICS | This privilege allows a user to activate monitoring of delete virtual machines in unknown state | X | X | X | | | | Access metrics |
| USERS_SHOW_METRICSAssign firewalls to virtual machines | ASSIGN_FIREWALLS | This privilege allows a user to manage monitoringassign already created firewalls to virtual machines | X | X | X | | X | Restore virtual machine backups |
| Access persistent templates view | VAPP_RESTORESTATEFUL_BACKUPVIEW | This privilege allows a user to restore access the persistent virtual machine backupstemplates view | X | X | X | | | | Protect/unprotect virtual machines |
| VM_PROTECT_ACTIONManage virtual machine backup disks | VAPP_MANAGE_BACKUP_DISKS | This privilege allows a user to protect/unprotect a virtual machinespecify disks and disk backup types (snapshot and complete) | X | X | | | | |
| Consume virtual appliance specs | CONSUME_VAPP_SPECAssign load balancers | ASSIGN_LOADBALANCERS | This privilege allows a user to consume virtual appliance specsassign load balancers | X | X | | | X | | |
| Override Manage virtual machine constraintsmetrics | VMUSERS_ENABLE_EXCEEDDISABLE_CPUVM_RAMMETRICS | This privilege allows a user to modify virtual machine CPU and RAM to values outside the maximum and minimum values defined in the virtual machine templateactivate monitoring of virtual machines | X | X | X | | | | Edit virtual machine details |
| VM_EDIT_CPU_RAMAccess metrics | USERS_SHOW_METRICS | This privilege allows a user to edit virtual machine details (CPU and RAM)manage monitoring | X | X | X | | X | | |
| Retrieve default template credentials | VM_CHECK_USER_PASSWORDRestore virtual machine backups | VAPP_RESTORE_BACKUP | This privilege allows a user to retrieve the default user and password of a templaterestore virtual machine backups | X | X | | | |  | Relocate a VM to a compatible host | VM_RELOCATE |
| Protect/unprotect virtual machines | VM_PROTECT_ACTION | This privilege allows a user to relocate a VM to a compatible hostprotect/unprotect a virtual machine | X | | | | | |
| Manage workflow for scaling groups | SCALING_GROUP_MANAGE_WORKFLOWConsume virtual appliance specs | CONSUME_VAPP_SPEC | This privilege allows a user to enable or disable workflow for scaling groups.consume virtual appliance specs | X | | | X | | Attach NICs in restricted networks |
| Override virtual machine constraints | VM_EXCEED_ATTACHCPU_NICRAM | This privilege allows a user to attach NICs in restricted networksmodify virtual machine CPU and RAM to values outside the maximum and minimum values defined in the virtual machine template | X | | | | | Detach NICs from restricted networks |
| Edit virtual machine details | VM_DETACHEDIT_CPU_NICRAM | The This privilege allows a user to detach NICs from restricted networksedit virtual machine details (CPU and RAM) | X | X | X | X | | |
| Manage scaling groups | MANAGE_SCALING_GROUPSRetrieve default template credentials | VM_CHECK_USER_PASSWORD | This privilege allows a user to manage scaling groups (add, edit and delete)retrieve the default user and password of a template | X | | | | | | Manage virtual machine ISO disks |
| MANAGE_ISORelocate a VM to a compatible host | VM_RELOCATE | This privilege allows a user to manage ISO disks in virtual machines (add, edit and delete)relocate a VM to a compatible host | X | | | | | |
| Manage restricted VApps and VMsVAPP_RESTRICTED_MANAGEworkflow for scaling groups | SCALING_GROUP_MANAGE_WORKFLOW | This privilege allows a user to manage restricted VApps and VMsenable or disable workflow for scaling groups. | X | | | | | |
| View restricted VApps and Attach NICs in restricted networks to VMs | VAPPVM_RESTRICTEDATTACH_VIEWNIC | This privilege allows a user to view restricted VApps and VMsattach NICs in restricted networks | X | | | X | | Restrict VM |
| Detach NICs in restricted networks from VMs | VM_RESTRICTDETACH_NIC | This privilege allows a user to restrict VMsdetach NICs in restricted networks | X | | | | | Move VMs |
| Manage scaling groups | MANAGE_MOVESCALING_VMGROUPS | This privilege allows a user to move VMs between VDCsmanage scaling groups (add, edit and delete) | X | | | | | |
| Retrieve Manage virtual machine initial passwordISO disks | VM_RETRIEVE_INITIAL_PASSWORDMANAGE_ISO | This privilege allows a user to retrieve virtual machine initial passwordmanage ISO disks in virtual machines (add, edit and delete) | X | | | | | | Apps library privileges | | |
| Manage restricted VApps and VMs | VAPP_RESTRICTED_MANAGE | This privilege allows a user to manage restricted VApps and VMs | X | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access Apps library view | APPLIB_VIEWView restricted VApps and VMs | VAPP_RESTRICTED_VIEW | This privilege allows a user to view restricted VApps and VMs | X | | | X | | |
| Restrict VM | VM_RESTRICT | This privilege allows a user to access the Appliance library viewrestrict VMs | X | X | | X | | | Manage VM templates from Apps library |
| APPLIB_ALLOW_MODIFYMove VMs | MANAGE_MOVE_VM | This privilege allows a user to view the Appliance library contents, modify virtual machine templates (download from remote repositories, edit and delete) and promote instancesmove VMs between VDCs | X | X | | X | | |
| Upload Retrieve virtual machine templateAPPLIB_UPLOAD_IMAGEinitial password | VM_RETRIEVE_INITIAL_PASSWORD | This privilege allows a user to upload virtual machine templates from a local file into the Apps library | X | X | | X | retrieve the initial password of a virtual machine | X | | | | | |
| Manage repository | APPLIB_MANAGE_REPOSITORYAssign public IPs to VMs | VM_ASSIGN_PUBLIC_IP | This privilege allows a user to manage repositories (add and delete repositories)to assign public IPs to VMs | X | X | X | X | X | |
| Download virtual machine template | APPLIB_DOWNLOAD_IMAGEAssign external IPs to VMs | VM_ASSIGN_EXTERNAL_IP | This privilege allows a user to download virtual machine templates from the Appliance library to their hard diskassign external IPs to VMs | X | X | X | X | X | | Manage VM template categories | APPLIB_MANAGE_CATEGORIES | This privilege allows a user to manage categories of virtual machine templates that belong to their enterprise (add and delete) | X | X
Apps library privileges | | | | | | | | |
| Manage VM template global categories | APPLIB_MANAGE_GLOBAL_CATEGORIES | This privilege allows a user to manage categories of virtual machine templates that are common and available to all enterprises (add and delete) | X | | | | | |
| Display datacenter capacity and free space | APPLIB_SHOW_DC_CAPACITY |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access Apps library view | APPLIB_VIEW | This privilege allows a user to view the capacity and remaining space of a datacenteraccess the Appliance library view | X | X | | X | | Export a virtual machine template to datacenter |
| Manage VM templates from Apps library | APPLIB_EXPORTALLOW_TO_PRIVATEMODIFY | This privilege allows a user to export a virtual machine template to another private datacenter.view the Appliance library contents, modify virtual machine templates (download from remote repositories, edit and delete) and promote instances | X | X | | X | | |
| Export a Upload virtual machine template to public cloud region | APPLIB_EXPORTUPLOAD_TO_PUBLICIMAGE | This privilege allows a user to export a virtual machine template to another public cloud region.upload virtual machine templates from a local file into the Apps library | X | X | | X | | |
| Manage virtual appliance specsrepository | APPLIB_MANAGE_VAPP_SPECREPOSITORY | This privilege allows a user to manage virtual appliance specs repositories (add and editdelete repositories) | X | X | | | | |
| Download VM templates from remote repositoryvirtual machine template | APPLIB_DOWNLOAD_FROM_REMOTE_REPOSITORYIMAGE | This privilege allows a user to download virtual machine templates from remote repositoriesthe Appliance library to their hard disk | X | X | | X | | |
| Specify allocation of template disksManage VM template categories | APPLIB_DISKMANAGE_ALLOCATIONCATEGORIES | This privilege allows a user to specify the allocation of template disksmanage categories of virtual machine templates that belong to their enterprise (add and delete) | X | X | | | | | |
Users privileges | | Manage VM template global categories | APPLIB_MANAGE_GLOBAL_CATEGORIES | This privilege allows a user to manage categories of virtual machine templates that are common and available to all enterprises (add and delete) | X | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access Users view | USERS_VIEW | This privilege allows a user to access the Users viewDisplay datacenter capacity and free space | APPLIB_SHOW_DC_CAPACITY | This privilege allows a user to view the capacity and remaining space of a datacenter | X | | | | | |
| Export a virtual machine template to datacenter | APPLIB_EXPORT_TO_PRIVATE | This privilege allows a user to export a virtual machine template to another private datacenter. | X | | | | | |
| Export a virtual machine template to public cloud region | APPLIB_EXPORT_TO_PUBLIC | This privilege allows a user to export a virtual machine template to another public cloud region. | X | | | | | |
| Manage virtual appliance specs | MANAGE_VAPP_SPEC | This privilege allows a user to manage virtual appliance specs (add and edit) | X | | | | | |
| Download VM templates from remote repository | APPLIB_DOWNLOAD_FROM_REMOTE_REPOSITORY | This privilege allows a user to download virtual machine templates from remote repositories | X | X | | | | |
| Specify allocation of template disks | APPLIB_DISK_ALLOCATION | This privilege allows a user to specify the allocation of template disks | X | | | | | |
Users privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access Users view | USERS_VIEW | This privilege allows a user to access the Users view | X | X | | X | | |
| Manage enterprises | USERS_MANAGE_ENTERPRISE | This privilege allows a user to manage enterprises (add, edit and delete) | X | | | X | | |
| Manage users | USERS_MANAGE_USERS | This privilege allows a user to manage users (add, edit and delete) | X | X | | X | | |
| Manage users of all enterprises | USERS_MANAGE_OTHER_ENTERPRISES | This privilege allows a user to manage users of more than one enterprise and move users between enterprises. Without it, the Enterprise list is not shown in Users view | X | | | X | | |
| No VDC restriction | USERS_PROHIBIT_VDC_RESTRICTION | Normally a user within an enterprise can have a list of VDCs assigned and these will be the only VDCs that they will be able to see. Setting this privilege exempts a user from having their VDC list restricted and they will be able to see all VDCs in their enterprise | X | X | | X | | Manage enterprises |
| Access Roles and Scope screens | USERS_MANAGEVIEW_ENTERPRISEPRIVILEGES | This privilege allows a user to manage enterprises (add, edit and delete)access the Roles and Scopes screen | X | | | X | | |
| Manage usersroles | USERS_MANAGE_USERSROLES | This privilege allows a user to manage users roles (add, edit and delete roles; modify privileges assigned to roles; assign scopes to roles) | X | X | | X | | Manage users of all enterprises |
| Associate role with enterprise | USERS_MANAGE_ROLES_OTHER_ENTERPRISES | This privilege allows a user to manage users of more than one enterprise and move users between enterprises. Without it, the Enterprise list is not shown in Users viewassociate a role with any enterprise | X | | | X | | No VDC restriction |
| Manage global role | USERS_PROHIBITMANAGE_VDCSYSTEM_RESTRICTION | Normally a user within an enterprise can have a list of VDCs assigned and these will be the only VDCs that they will be able to see. Setting this privilege exempts a user from having their VDC list restricted and they will be able to see all VDCs in their enterprise | X | X | | X | | | Access Roles and Scope screens | USERS_VIEW_PRIVILEGESROLES | This privilege allows a user to manage roles that are common and available to all enterprises, rather than being constrained to a single enterprise | X | | | | | |
| Display connected users | USERS_ENUMERATE_CONNECTED | This privilege allows a user to access the Roles and Scopes screendisplay connected users | X | | | X | | Manage roles |
| Define enterprise manager | USERS_DEFINE_MANAGEAS_ROLES | This privilege allows a user to manage roles (add, edit and delete roles; modify privileges assigned to roles; assign scopes to roles) | X | MANAGER | This privilege defines a user as an enterprise manager. Enterprise managers receive physical machine notification emails | X | X | | | | Associate role with enterprise |
| Manage Chef enterprises | USERS_MANAGE_ROLESCHEF_OTHER_ENTERPRISESENTERPRISE | This privilege allows a user to associate a role with any enterpriseenable and manage Chef for enterprises | X | | | | | |
| Manage global rolescopes | USERS_MANAGE_SYSTEM_ROLESSCOPES | This privilege allows a user to manage roles that are common and available to all enterprises, rather than being constrained to a single enterprisescopes (add, edit and delete scopes) | X | | | | | Display connected users |
| Manage enterprise reserved servers | USERS_ENUMERATEMANAGE_RESERVED_CONNECTEDMACHINES | This privilege allows a user to display connected usersmanage reserved servers at enterprise level | X | | | X | | |
| Define Modify enterprise managertheme | USERS_DEFINEMANAGE_ASENTERPRISE_MANAGERBRANDING | This privilege defines allows a user as an enterprise manager. Enterprise managers receive physical machine notification emailsto manage enterprise branding (select a specific theme for an enterprise) | X | X | | | | Manage Chef enterprises |
| Allow user to push own metrics | USERS_MANAGE_CHEFPUSH_ENTERPRISEMETRICS | This privilege allows a user to enable and manage Chef for enterprisespush their own metrics | X | X | X | | | |
| Manage scopesprovider credentials | USERS_MANAGE_SCOPESCREDENTIALS | This privilege allows a user to manage scopes provider credentials (add , edit and delete scopes) | X | | | | | |
| Manage enterprise reserved serversuser applications | USERS_MANAGE_RESERVED_MACHINESAPPLICATIONS | This privilege allows a user to manage reserved servers at enterprise levelapplications (add and delete) | X | | | X | | | Modify enterprise theme |
| USERSManage reseller enterprises | ENTERPRISE_MANAGE_ENTERPRISE_BRANDINGRESELLER | This privilege allows a user to manage enterprise branding (select a specific theme for an enterprise)resellers | X | | | | | |
| Allow user to push own metrics | USERS_PUSH_METRICSManage key node enterprises | ENTERPRISE_MANAGE_KEY_NODE | This privilege allows a user to push their own metricsmanage aggregation nodes | X | X | X | | | |
| Manage provider credentialsenterprise properties | USERSENTERPRISE_MANAGE_CREDENTIALSPROPERTIES | This privilege allows a user to manage provider credentials (add and delete)enterprise properties | X | | | | | |
| Manage user applicationsvirtual datacenter roles | USERS_MANAGE_VDC_APPLICATIONSROLES | This privilege allows a user to manage applications (add and deletevirtual datacenter roles (select default role, define user exceptions) | X | | | | | |
| Manage reseller enterprises | ENTERPRISE_MANAGE_RESELLERAccess budgets section | BUDGET_VIEW | This privilege allows a user to manage resellersaccess the budgets section | X | | | | | |
| Manage key node enterprisesbudgets | ENTERPRISEBUDGET_MANAGE_KEY_NODE | This privilege allows a user to manage aggregation nodesbudgets (create, edit and delete) | X | | | | | |
| Manage enterprise propertiesENTERPRISE_MANAGE_PROPERTIESuser allowed CIDRs | MANAGE_USER_CIDR_ACCESS | This privilege allows a user to manage enterprise propertiesallowed CIDRs for users | X | | | | | | |
System configuration privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access Configuration view | SYSCONFIG_VIEW | This privilege allows a user to access the Configuration view | X | | | X | | |
| Modify configuration data | SYSCONFIG_ALLOW_MODIFY | This privilege allows a user to edit all system-wide configuration settings | X | | | | | |
| Allow access to reports | SYSCONFIG_SHOW_REPORTS | This privilege allows a user to access external reports by clicking the Reports button. The button will only be visible if the 'Reports URL' system property is not empty (Configuration -> System Properties -> General -> Reports URL) | X | | | | | |
Pricing privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Add a cost code when editing a VM template | APPLIB_VM_COST_CODE | This privilege allows a user to select a cost code when editing a virtual machine template | X | | | | | |
| Access Pricing view | PRICING_VIEW | This privilege allows a user to access the Pricing view | X | | | X | | |
| Manage pricing | PRICING_MANAGE | This privilege allows a user to manage pricing components (add, edit and delete currencies, pricing models and cost codes) | X | | | | | |
| Manage pricing credentials | MANAGE_PRICING_CREDENTIALS | This privilege allows a user to manage pricing credentials | X | X | | X | | |
Events privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Display all events for current enterprise | EVENTLOG_VIEW_ENTERPRISE | This privilege allows a user to display all events related to the current enterprise | X | X | X | | X | |
| Display all events | EVENTLOG_VIEW_ALL | This privilege allows a user to display all events | X | | | | | |
Control privileges | | | | | | | | |
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|
| Access alarms section | USERS_VIEW_ALARMS | This privilege allows a user to access the alarms sections | X | | | X | | |
| Manage alarms | USERS_MANAGE_ALARMS | This privilege allows a user to manage alarms (create, edit and delete) | X | | | | | |
| Access alerts section | USERS_VIEW_ALERTS | This privilege allows a user to access the alerts sections | X | | | X | | |
| Manage alerts | USERS_MANAGE_ALERTS | This privilege allows a user to manage alerts (create, edit and delete) | X | | | | | |
| Access action plans, schedule and alert trigger tabs | ACTION_PLAN_VIEW | This privilege allows a user to access the Action plans, the Schedule and Alert trigger tabs | X | | | | | |
| Manage action plans and task schedules | ACTION_PLAN_MANAGE | This privilege allows a user to manage action plans, schedule and alert triggers | X | | | | | |
| View enterprise hierarchy | ENTERPRISE_VIEW_HIERARCHY | This privilege allows the user to display the enterprises in a hierarchy | X | | | | | |