About permissions

Permissions are used to control a user's access to the appliance and the resources managed by the appliance. Permissions consist of a role and an optional scope. The permission role grants the user access to resource categories. For example, the Server administrator role grants read, create, delete, update and use rights to the server hardware category. Specifying a permission scope further restricts the rights granted by the role to a subset of instances within a resource category. For example, scope can be used to restrict the server hardware rights granted by the Server administrator role to only the servers in the Test scope.

A user or group may be assigned multiple permissions. Use the Users and Groups screen to manage the permissions assigned to a user or group.

You create a login session when you log in to the appliance through the browser. On login, the session grants the user all permissions assigned by the Infrastructure Administrator.

A user granted multiple permissions can disable certain permissions. When operating with reduced permissions, the user is only allowed to perform actions authorized for the selected permission.

Allowing a user to operate in a least privilege mode is a security best practice. It allows the user to reduce the risk of making an unintended change.

Use the Change permission dialog to enable or disable session permissions.