List of all OnApp Permissions

The list below includes all the permissions that can be set up in OnApp.

Accelerators

OnApp administrators can control users' ability to manage accelerators through the Control Panel's Roles and Sets menu. You can set the following accelerator permissions for user roles:

  • Any action on Accelerators - the user can take any actions on accelerators
  • Change an owner of any Accelerator - the user can change the owner of any accelerator
  • Create a new Accelerator - the user can create a new accelerator
  • Destroy any Accelerator - the user can destroy any accelerator
  • Destroy own Accelerators - the user can destroy own accelerators
  • Migrate any Accelerator - the user can migrate any accelerator
  • Migrate own Accelerators - the user can migrate own accelerators
  • Any power action on Accelerators- the user can take any power-related action on accelerator
  • Any power action on own Accelerators - the user can take any power-related action on own accelerators
  • See all Accelerators - the user can see all accelerators
  • See own Accelerators - the user can see own accelerators
  • Rebuild Network on any Accelerator - the user can rebuild network on any accelerator
  • Rebuild Network on own Accelerators - the user can only rebuild network on own accelerators
  • Change Suspended status for any Accelerator - the user can change Suspended status for any accelerator
  • Unlock any Accelerator - the user can unlock any accelerator
  • Update any Accelerator - the user can update any accelerator
  • Update own Accelerators - the user can update own accelerators

For details, refer to the CDN Accelerator section.


Activity logs

OnApp administrators can control users' ability to manage activity logs configuration through the Control Panel's Roles and Sets menu. The following activity logs for user roles can be set:

  • Any action on Activity Logs - the user can take any action on activity logs
  • Destroy any Activity Logs - the user can delete activity logs
  • Destroy own Activity Logs - the user can only delete their own activity logs
  • See list of all Activity Logs - the user can see list of all activity logs
  • See list own Activity Logs - the user can only see list of their own activity logs
  • See all Activity Logs - the user can see all activity logs
  • See all own Activity Logs - the user can only see their own activity logs

Application Servers

OnApp administrators can control users' ability to manage application servers. This is handled through the Control Panel's Roles and Sets menu. You can set the following application servers permissions for user roles:

  • Any action on application servers – the user can take any action on application servers
  • Change an owner of any application server – the user can change the owner of any application server
  • Create a new application server – the user can create a new application server
  • Destroy any application server – the user can delete any application server. To delete any application server together with its backups, the user needs to have the Destroy any backup permission enabled. Otherwise, the backups of the application server deleted by the user will remain in the system.
  • Destroy own application servers – the user can only delete their own application servers. To delete an application server together with its backups, the user needs to have the Destroy own backup permission enabled. Otherwise, the backups of the application server deleted by the user will remain in the system.
  • Migrate any application server – the user can migrate any application server
  • Migrate own application servers – the user can only migrate their own application servers
  • Any power action on application servers – the user can take any power-related action on application servers
  • Any power action on own application servers – the user can only take power-related actions on their own application servers
  • See all application servers – the user can view any application server. If this permission is enabled, the user can manage applications deployed on any application server.
  • See own application servers – the user can only view their own application servers. If this permission is enabled, the user can manage applications deployed on their application servers
  • Read VIP status - the user can read VIP status of application servers.
  • Rebuild Network on any application server – the user can rebuild network of any application server
  • Rebuild Network on own application servers – the user can only rebuild network of own application server
  • Set VIP status - the user can set/delete VIP status for application servers
  • Change Suspended status for application server – the user can change Suspended status for an application server
  • Unlock any application server – the user can unlock any application server
  • Update any application server – the user can edit any application server
  • Update own application servers – the user can only edit their own application servers

For details, refer to Application Servers section.

Autoscaling Configuration

OnApp administrators can control users' ability to manage VS autoscaling configuration through the Control Panel's Roles and Sets menu. The following autoscaling permissions for user roles can be set:

  • Any Actions with Autoscaling Configuration - the user can take any action on autoscaling configuration
  • Create Autoscaling Configuration  - the user can create autoscaling configuration
  • Destroy any Autoscaling Configuration  - the user can delete autoscaling configuration
  • Destroy own Autoscaling Configuration  - the user can only delete own autoscaling configuration
  • Read all Autoscaling Configuration  - the user can read autoscaling configuration
  • Read own Autoscaling Configuration  - the user can only read own autoscaling configuration
  • Update all Autoscaling Configuration  - the user can edit autoscaling configuration
  • Update own Autoscaling Configuration  - the user can only edit own autoscaling configuration

For details, refer to the Autoscale Virtual Server section.

Autoscaling monitors

OnApp administrators can control users' access to monitis monitors. You can set the following monitis monitors permissions for user roles:

  • Any Actions on relation autoscaling monitors - the user can perform any actions on relation monitis monitors
  • View autoscaling monitor information - the user can view monitis monitor information

For details, refer to View Load Balancer Autoscaling Monitors section.

Auto-backup presets

OnApp administrators can control users' ability to manage auto-backup presets configuration through the Control Panel's Roles and Sets menu. The following auto-backup presets permissions for user roles can be set:

  • Any action on auto-backup presets - the user can take any action on auto-backup presets that have been backed up automatically
  • See all auto-backup presets - the user can see all auto-backup presets that have been backed up automatically
  • Update any auto-backup presets  - the user can edit any auto-backup presets that has been backed up automatically

For details, refer to Auto-backup Presets Settings section.


Availability

OnApp administrators can control users' ability to manage availability configuration through the Control Panel's Roles and Sets menu. The following availability permission for user roles can be set:

  • Any action on Availability settings - user can take any actions on Availability settings

Backup server zones

OnApp administrators can control users' ability to manage backup server zones through the Control Panel's Roles and Sets menu. The following backup server zone permissions for user roles can be set:

  • Any action on backup server zones - the user can take any action on backup server zones
  • Create a new backup server zone - the user can create a new backup server zone
  • Delete any backup server zone - the user can delete any backup server zone
  • See list of all backup server zones - the user can see list of all backup server zones
  • See details of any backup server zone - the user can see details of any backup server zone
  • Update any backup server zone - the user can edit any backup server zone

For details, refer to Backup Server Zones Settings chapter.



Backup servers

OnApp administrators can control users' ability to manage backup servers through the Control Panel's Roles and Sets menu. You can set the following backup server permissions for user roles:

  • Any action on Backup servers - the user can take any action on any Backup server
  • Add a new Backup server - the user can add a Backup server
  • Delete any Backup server - the user can delete any Backup server
  • See all Backup servers - the user can see all Backup servers
  • Update any Backup server - the user can edit any Backup server

For details, refer to Backup Servers Settings chapter.



Backups

OnApp administrators can control users' ability to manage backups through the Control Panel's Roles and Sets menu. You can set the following backup permissions for user roles:

  • Any action on backups - the user can take any action on any backup
  • Convert any backup to template - the user can take any backup of any virtual server, and convert it to a template
  • Convert own backup to template - the user can only convert their own backups to templates
  • Create backup for any VS - the user can create a backup of any virtual server
  • Create backup for own VS - the user can only create backups of their own virtual servers
  • Destroy any backup - the user can delete any backup. To delete any virtual server together with its backups, the user needs to have this permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
  • Destroy own backup - the user can only delete their own backups. To delete own virtual server together with its backups, the user needs to have this permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
  • See all backups - the user can see all backups
  • See own backups - the user can only see their own backups
  • Update any backup - the user can edit any backup
  • Update own backup - the user can only edit their own backups

For details, refer to Virtual Server Backups section.

Base resources

OnApp administrators can control users' ability to manage billing plan resources through the Control Panel's Roles and Sets menu. You can set the following base resource permissions for user roles:

  • Any action on resources - the user can take any action on base resources
  • Create a new resource - the user can create a new base resource
  • Delete any resource - the user can delete any base resource
  • See list of all resources - the user can see list of all base resources
  • See details of any resource - the user can see details of any base resource
  • See own base resources - the user can only see own base resources
  • Update any resource - the user can edit any base resource

For details, refer to Billing Plans chapter.



Billing plans

OnApp administrators can control users' ability to manage billing plans through the Control Panel's Roles and Sets menu. You can set the following billing plan permissions for user roles:

  • Any action on billing plans - the user can take any action on any billing plan
  • Create a new billing plan - the user can create a new billing plan
  • Delete any billing plan - the user can delete any billing plan
  • See list of all billing plans - the user can see list of all billing plans
  • See details of any billing plan - the user can see details of any billing plan
  • See own billing plan - the user can only see own billing plan
  • Update any billing plan - the user can edit any billing plan

For details, refer to Billing Plans chapter.

Blueprints

OnApp administrators can control users' ability to manage blueprints through the Control Panel's Roles and Sets menu. You can set the following blueprint permissions for user roles:

  • Any action on blueprints - the user can take any action on blueprints
  • Create a new blueprint - the user can create a new blueprint
  • Destroy any blueprint - the user can delete any blueprint
  • Destroy own blueprint - the user can delete own blueprints
  • See all blueprints - the user can see list of all blueprints
  • Read own blueprint - the user can see details of own blueprint
  • Update any blueprint - the user can edit own blueprint
  • Update own blueprint - the user can edit any blueprint

For details, refer to Blueprint Servers section.

Blueprint templates

  • Any action on blueprint templates - the user can take any action on blueprint templates
  • Create a new blueprint template - the user can create a new blueprint template
  • Destroy any blueprint template - the user can delete any blueprint template
  • Destroy own blueprintemplate - the user can delete own blueprint templates
  • See all blueprint templates - the user can see list of all blueprint templates
  • Read own blueprint template - the user can see details of own blueprint template
  • Update any blueprint template - the user can edit any blueprint template
  • Update own blueprint template - the user can edit own blueprint template

For details, refer to Blueprint Templates section.

Blueprint template groups

  • Any action on blueprint template groups - the user can take any action on blueprint template groups
  • Create a new blueprint template group - the user can create new blueprint template groups
  • Destroy any blueprint template group - the user can delete any blueprint template group 
  • See list of all blueprint template groups - the user can see list of all blueprint template groups
  • See all blueprint template groups - the user can see all blueprint template groups
  • Update any blueprint template group - the user can update any blueprint template group 

For details, refer to Blueprint Template Groups section.



Blueprint template group relations

  • Any action on blueprint template group relations - the user can take any action on blueprint template group relations
  • Create a new blueprint template group relation - the user can create a new blueprint template group relation
  • Destroy any blueprint template group relation - the user can delete any blueprint template group relation
  • See list of all blueprint template group relations - the user can see list of all blueprint template group relations
  • See all blueprint template group relations - the user can see details of all blueprint template group relations
  • Update any blueprint template group relation - the user can edit any blueprint template group relations group

For details, refer to Blueprint Template Groups section

Catalogs

OnApp administrators can control users' ability to manage vCloud Director catalogs through the Control Panel's Roles and Sets menu. You can set the following catalogs permissions for user roles:

  • Any action on Catalogs - the user can take any action on сatalogs
  • Create a new Catalog - the user can create new catalogs
  • Delete any Catalog - the user can delete any catalog
  • Delete own Catalogs - the user can only delete own catalogs
  • Read any Catalog - the user can see the the list of all catalogs
  • Read own Catalogs - the user can only see own catalogs

CDN locations

OnApp administrators can control users' ability to manage CDN locations through the Control Panel's Roles and Sets menu. You can set the following CDN locations permissions for user roles:

  • Any action on CDN Locations - the user can take any action on CDN locations
  • See all CDN Locations - the user can see details of all CDN locations
  • Update any CDN Locations - the user can edit any CDN locations


CDN resources

OnApp administrators can control users' ability to manage CDN resources through the Control Panel's Roles and Sets menu. You can set the following CDN resources permissions for user roles:

  • Any action on CDN resources - the user can take any action on CDN resources
  • Create a new CDN resource - the user can create a new CDN resource
  • Destroy any CDN resource - the user can delete a CDN resource
  • Destroy own CDN resources - the user can only delete their own CDN resources
  • See all CDN resources - the user can see all CDN resources
  • See own CDN resources - the user can only see their own CDN resources
  • Update any CDN resource - the user can edit any CDN resource
  • Update own CDN resources - the user can only edit their own CDN resources

For details, refer to CDN Resources section.

CDN SSL Certificates

  • Any action on CDN SSL Certificates - the user can take any action on CDN SSL certificates
  • Create a new CDN SSL Certificates - the user can create a new CDN SSL certificate
  • Destroy any CDN SSL Certificates - the user can delete any CDN SSL certificate
  • Destroy own CDN SSL Certificate - the user can only delete their own CDN SSL certificates
  • See all CDN SSL Certificates - the user can see all CDN SSL certificates. If this permission is disabled, the user cannot create SSL certificates.
  • See own CDN SSL Certificates - the user can only see their own CDN SSL certificates
  • Update any CDN SSL Certificates - the user can edit any CDN SSL certificate
  • Update own CDN SSL Certificates - the user can only edit their own CDN SSL certificates

For details, refer to CDN SSL Certificates section.

CDN usage statistics

OnApp administrators can control users' ability to manage CDN usage statistics through the Control Panel's Roles and Sets menu. You can set the following CDN usage statistics permissions for user roles:

  • See details of CDN usage statistics - the user can see CDN usage statistics details
  • User can see CDN usage statistics - the user can see CDN usage statistics
  • User can see own CDN usage statistics - the user can only see own CDN usage statistics

For details, refer to CDN usage section.

CloudBoot

  • Manage CloudBoot configurations - the user can manage Cloud Boot settings

Company Billing Plans

OnApp administrators can control users' ability to manage company billing plans. This is handled through the Control Panel's Roles and Sets menu. You can set the following company billing plan permissions for user roles:

  • Any action on company billing plans - the user can take any action on any company billing plan
  • Create a new company billing plan - the user can create a new company billing plan
  • Delete any company billing plan - the user can delete any company billing plan
  • See details of any company billing plan - the user can see details of any company billing plan
  • See own company billing plan - the user can see only the billing plan of their own company
  • Update any company billing plan - the user can edit any company billing plan


Compute resources

OnApp administrators can control users' ability to manage Compute resources. This is handled through the Control Panel's Roles and Sets menu. You can set the following Compute resource permissions for user roles:

  • Any action on Compute resources - the user can take any action on Compute resources
  • Create a new Compute resource - the user can create a new Compute resource
  • Destroy any Compute resource - the user can delete any Compute resource
  • Set maintenance mode for any compute resource - the user can set maintenance mode for any Compute resource
  • See all Compute resources - the user can see all Compute resources
  • Show Compute resources on Virtual Server creation  - display Compute resources on Add New Virtual Server screen. Note: the See All Compute resources permission must be enabled for this permission to work properly. 
  • Reboot any Compute resource - the user can reboot any Compute resource
  • Update any Compute resource - the user can edit any Compute resource

For details, refer to Compute Resource Settings chapter.

Compute Resource Devices

OnApp administrators can control users' ability to manage compute resource devices. This is handled through the Control Panel's Roles and Sets menu. You can set the following compute resource devices permissions for user roles:

  • Any action on Compute Resource Devices - the user can take any action on compute resource devices
  • See all Compute Resource Devices - the user can see all compute resource devices
  • Update any Compute Resource Device - the user can edit any compute resource device

Compute zones

OnApp administrators can control users' ability to manage Compute zones. This is handled through the Control Panel's Roles and Sets menu. You can set the following Compute zone permissions for user roles:

  • Any action on Compute zones - the user can take any action on Compute zones
  • Create a new Compute zone - the user can create a new Compute zone
  • Delete any Compute zone - the user can delete any Compute zone
  • See list of all Compute zones - the user can see list of all Compute zones
  • See details of any Compute zone - the user can see details of any Compute zone
  • Show Compute Zones on Virtual server creation - display Compute zones on Add New Virtual Server screen. Note: the See Details of any Compute Zone permission must be enabled for this permission to work properly.
  • Manage recipes for Compute zone - the user can manage recipes for any Compute zone
  • Update any Compute zone - the user can edit any Compute zone

For details, refer to Compute Zones Settings chapter.


Control panel

  • Manage recipes for Control Panel - the user can manage recipes for any Control Panel

This permission will not be granted by pressing Full access button while editing the list of Permissions in the Roles section and can only be selected manually.


Currencies

OnApp administrators can control users' ability to manage currency through the Control Panel's Roles and Sets menu. You can set the following currency permissions for user roles:

  • Any action on Currencies - the user can take any action on currencies
  • Create new Currency - the user can create a new currency
  • Delete any Currency - the user can delete any currency
  • See list of all Currencies - the user can view any currency
  • Update all Currencies - the user can update any currency

For details, refer to Currencies section.


Customer networks

  • Any action on customer networks – the user can take any action on customer networks
  • Create own customer network – the user can create own customer networks
  • Destroy own customer network – the user can delete own customer networks
  • See own customer networks – the user can view own customer networks

For details, refer to Customer vCenter Networks section 


Customer VLANs

  • Any action on Customer VLAN - the user can see all actions available on customer VLANs
  • Create a new Customer VLAN - the user can create a new customer VLAN
  • Destroy any Customer VLAN  - the user can delete all customer VLANs
  • See all Customer VLANs - the user can view any customer VLAN
  • Update any Customer VLAN - the user can edit any customer VLAN 

For details, refer to Customer VLANs section.

Dashboard

OnApp administrators can control users' access to the dashboard through the Control Panel's Roles and Sets menu. You can set the following dashboard permissions for user roles:

  • All actions on Dashboard - the user can see all available dashboard actions
  • See Alerts - the user can see alerts on the dashboard, including zombie VSs and transactions, and background processes
  • See Global Statistic - the user can see Global Dashboard statistics
  • See License Details - the user can see Dashboard Cloud Licenses' details
  • Show cloud dashboard - the user can see the cloud details on the dashboard
  • Show vCloud dashboard - the user can see vCloud Director details on the dashboard

For details, refer to Dashboard section.

Data stores

OnApp administrators can control user access to data store management. You can set the following data store permissions for user roles:

  • Any action on data_stores - the user can take any action on data stores
  • Create a new data_store - the user can create a new data store
  • Destroy any data_store - the user can delete any data store
  • See all data_stores - the user can see all data stores
  • Update any data_store - the user can edit any data store

For details, refer to Data stores section.

Data store joins

OnApp administrators can control users' ability to manage data store joins through the Control Panel's Roles and Sets menu. You can set the following data store joins permissions for user roles:

  • All actions on datastores on Compute resource - the user can take any action on data stores attached to a Compute resource
  • Add Data Store to any Compute resource - the user can add a data store to any Compute resource
  • Remove Data Store from any Compute resource - the user can detach a data store from any Compute resource

For details, refer to Manage Compute Zone Data Stores Manage Compute Zone Data Stores section.


Data store zones

OnApp administrators can control user access to data store zones management. You can set the following data store zone permissions for user roles:

  • Any action on data store zones - the user can take any action on data store zones
  • Create a new data store zone - the user can create a new data store zone
  • Delete any data store zone - the user can delete any data store zone
  • See list of all data store zones - the user can see list of all data store zones
  • See details of any data store zone - the user can see details of any data store zone
  • Update any data store zone - the user can edit any data store zone

For details, refer to Data Store Zones Settings section.

Disks

OnApp administrators can control user access to disks management. You can set the following disks permissions for user roles:

  • Any action on disks - the user can take any action on disks
  • Auto-backup for any disk - the user can schedule an automatic backup on any disk
  • Auto-backup for own disk - the user can only schedule automatic backups on their own disks
  • Create a new disk - the user can create a new disk
  • Destroy any disk - the user can delete any disk
  • Destroy own disk - the user can only delete their own disks
  • Migrate any disk -  the user can migrate any disk

  • Migrate own disks -  the user can only migrate their own disks

  • See all disks - the user can see all disks
  • See own disks - the user can only see their own disks
  • Unlock any disk - the user can unlock any disk
  • Update any disk - the user can edit any disk
  • Update own disk - the user can only edit their own disks

For details, refer to Virtual Server Disks section.

DNS zone

OnApp administrators can control users' ability to manage DNS zones through the Control Panel's Roles and Sets menu. You can set the following DNS zone permissions for user roles:

  • Any action on DNS zone - the user can take any action on DNS zone
  • Create a new DNS zone - the user can create a new DNS zone
  • Destroy any DNS zone - the user can delete a DNS zone
  • Destroy own DNS zone - the user can only delete their own DNS zones
  • See all DNS zones - the user can see all DNS zones
  • See own DNS zones - the user can only see their own DNS zones
  • Any action on DNS record - the user can take any action on DNS record
  • Create a new DNS record - the user can create a new DNS record
  • Destroy any DNS record - the user can delete a DNS record
  • See all DNS records - the user can see all DNS records
  • See own DNS records - the user can see own DNS records
  • Update any DNS record - the user can update any DNS record
  • Update own DNS record - the user can update own DNS record
  • DNS Setup - the user can set up DNS

For details, refer to DNS chapter.

DRaaS

OnApp administrators can control users' ability to manage DRaaS through the Control Panel's Roles and Sets menu. You can set the following DRaaS permissions for user roles:

  • Any action related to DRaaS - the user can take any action related to DRaaS

Edge Gateways

OnApp administrators can control users' ability to manage vCloud Director edge gateways through the Control Panel's Roles and Sets menu. You can set the following edge gateway permissions for user roles:

  • Any action on edge gateways - the user can take any action on edge gateways
  • Read any edge gateways - the user can see the list of all edge gateways
  • Read own edge gateways - the user can only see own edge gateways


Edge groups

OnApp administrators can control users' ability to manage edge groups through the Control Panel's Roles and Sets menu. You can set the following edge groups permissions for user roles:

  • Any action on edge groups - the user can take any action on edge groups
  • Create a new edge group - the user can create a new edge group
  • Destroy any edge group - the user can delete any edge group
  • See all edge groups - the user can see all edge groups
  • See list of available Edge Group Locations - allows users to see the list of all available locations which can be assigned to the edge group
  • Read price for all Edge Group Locations - with this permission users will see the price for using the location. Without this permission, users won’t see the price column at all neither for assigned location nor for available
  • Update any edge group - the user can edit any edge group

For details, refer to CDN Edge Groups section.

Edge servers

OnApp administrators can control users' ability to manage edge servers through the Control Panel's Roles and Sets menu. You can set the following edge server permissions for user roles:

  • Any action on Edge Server - the user can take any actions on edge servers
  • Change an owner of any Edge Server - the user can change the owner of any edge server
  • Create a new Edge Server - the user can create a new edge server
  • Destroy any Edge Server - the user can destroy any edge server
  • Destroy own Edge Servers - the user can destroy own edge servers
  • Migrate any Edge Server - the user can migrate any edge server
  • Migrate own Edge Servers - the user can migrate own edge servers
  • Any power action on Edge Servers- the user can take any power-related action on edge server
  • Any power action on own Edge Servers - the user can take any power-related action on own edge servers
  • See all Edge Servers - the user can see all edge servers
  • See own Edge Servers - the user can see own edge servers
  • Read VIP status - the user can read VIP status of edge servers
  • Rebuild Network on any Edge Server - the user can rebuild network on any edge server
  • Rebuild Network on own Edge Servers - the user can only rebuild network on own edge servers
  • Set VIP status - the user can set/delete VIP status for edge servers
  • Change Suspended status for Edge Server - the user can change Suspended status for any edge server
  • Unlock any Edge Server - the user can unlock any edge server
  • Update any Edge Server - the user can update any edge server
  • Update own Edge Servers - the user can update own edge servers

For details, refer to CDN Edge Servers section.

Federation

OnApp administrators can control users' ability to access federated resources through the Control Panel's Roles and Sets menu. You can set the following federation permissions for user roles:

  • Any actions on federation resources - the user can perform any action on federated resources
  • Add Compute zone to federation - the user can add Compute zone to federation
  • View unsubscribed federation resources - the user can view unsubscribed federation resources
  • Remove Compute zone from federation - the user can remove Compute zone from federation
  • Activate or deactivate Compute zone for federation - the user can activate or deactivate Compute zone for federation
  • Subscribe to the Compute zone - the user can subscribe to the Compute zone
  • Unsubscribe from the Compute zone - the user can unsubscribe from the Compute zone

For details, refer to the Federation Guide.

Federation failed action

OnApp administrators can control users' ability to manage federated VSs failed actions through the Control Panel's Roles and Sets menu. You can set the following federated VSs failed actions permissions for user roles:

  • Any actions on federation failed actions - the user can perform any action on failed actions
  • Clean all federation failed actions - the user can clean all failed actions
  • Clean own federation failed actions - the user can clean only those failed actions that refer to the VSs they have built
  • Read all federation failed actions - the user can view all failed actions
  • Read own federation failed actions - the user can view only those failed actions that refer to the VSs they have built


Firewall rules

OnApp administrators can control users' ability to manage firewall rules through the Control Panel's Roles and Sets menu. You can set the following firewall rules permissions for user roles:

  • Any Action on Firewall Rules - the user can take any actions with firewall rules
  • Create Firewall Rules for anyone - the user can create firewall rules for anyone
  • Create own Firewall Rules - the user can only create own firewall rules
  • Destroy any Firewall Rules - the user can delete any firewall rules
  • Destroy own Firewall Rules - the user can only delete own firewall rules
  • Read all Firewall Rules - the user can read all firewall rules
  • Read own Firewall Rules - the user can only read own firewall rules
  • Update all Firewall Rules - the user can edit all firewall rules
  • Update own Firewall Rules - the user can only edit own firewall rules

Be aware that additionally the following permissions should be enabled before setting firewall rules for your virtual server:

Update own virtual server – the user can only edit their own virtual servers
Read own virtual servers – the user can only read their own virtual servers

For details, refer to Set Virtual Server Firewall Rules  section.

Global search

OnApp administrators can control user access to global search. You can set the following global search for user roles:

  • Global search - global search through the whole database

For details, refer to Cloud Search Tool section.

Groups

This set of permissions is reserved for future use and currently is not used. Enabling or disabling those permissions will not effect the system in any way.

Help

OnApp administrators can control user access to help section.

  • All actions on Help - the user can take any action under the Help menu
  • Send Support requests - the user can send support requests from the Help menu

For details, refer to Help chapter.

Http Caching Rules

OnApp Administrators can control user's ability to manage HTTP Caching rules. You can set the following permissions:

  • Any actions on http caching rules - the user can create/delete/set rules/edit rules.
  • Create http caching rules  - the user can only create HTTP caching rules.
  • Delete http caching rules - the user can remove HTTP caching rules. 
  • See http caching rules for cdn resources  - the user can set HTTP caching rules for the resources.
  • Update http caching rules - the user can edit http caching rules.

iFrame

  • Any action on iFrame - the user can perform any action on iFrame
  • Create new iFrame - the user can create a new iFrame instance 
  • Destroy any iFrame - the user can delete any iFrame instance
  • See all iFrame - enables to see the list of all iFrames in the cloud
  • See own iFrame - enables to see only the iFrames associated with own user profile. Without this permission users won't be able to see the iFrame configured by the administrator.
  • Update any iFrame - the user can edit any iFrame

For detail refer to iFrame Configuration section.

Instance packages

  • Any action on instance packages - the user can take any action on instance packages

  • Create instance package - the user can create new instance packages

  • Delete any instance package - the user can delete any instance package

  • See all instance packages - the user can see all instance packages

  • Update any instance package - the user can update any instance package

For details, refer to the Instance Packages section.

Internationalization

  • Edit Internationalization Locales - the user can view and edit all non-English language phrases

For details, refer to Localization and Customization chapter.

IO Statistics

OnApp administrators can control user access to IOPS statistics.

  • Full access to IO Statistics - the user has full access to IO Statistics
  • See all IO Statistics - the user can see all IO Statistics
  • See own IO Statistics - the user can see own IO Statistics


For details on IO Statistics, refer to View Disk IOPS section

IP Address Pools

  • Any action on IP Address Pool - the user has full access to IP address pools
  • Create a new IP Address Pool - the user can create new IP address pools
  • Destroy any IP Address Pool - the user can delete any IP address pool
  • See all IP Address Pools - the user can see all IP address pools

For details, refer to IP Address Pools chapter.


IP addresses

OnApp administrators can control users' ability to manage IP addresses. This is handled through the Control Panel's Roles and Sets menu. You can set the following IP address permissions for user roles:

  • Any action on IP addresses - the user can take any action on IP addresses
  • Assign IP address to user - the user can assign IP address to user
  • Create a new IP address - the user can create a new IP address
  • Destroy any IP address - the user can delete any IP address
  • See all IP addresses - the user can see all IP addresses
  • Unassign IP address from user - the user can unassign IP address from user
  • Update any IP address settings - the user can edit any IP address settings

For details, refer to Assign IP Address to User and Unassign IP Address from User sections.

ISOs

OnApp administrators can control users' ability to manage ISOs. This is handled through the Control Panel's Roles and Sets menu. You can set the following ISO permissions for user roles:

  • Any action on ISOs - the user can take any action on ISOs
  • Create a new ISO - the user can create a new ISO
  • Destroy any ISO - the user can delete any ISO (own, user, and public)
  • Destroy own ISO - the user can only delete own ISO 
  • Destroy user ISO - the user can delete ISOs created by any user, but not public ISOs 
  • Make any ISO public - the user can make public any ISO available to all users
  • Make own ISO public - the user can make public own ISOs only
  • Make user ISO public - the user can make public ISOs created by any user 
  • Create and manage own ISOs - the user can create and edit/delete/view own ISOs
  • Manage all ISOs - the user can manage own/user/public ISOs
  • Create and manage user ISOs - the user can view/create/edit/delete ISOs created by any user
  • See all ISOs - the user can view all ISOs in the cloud
  • See own ISOs - the user can only view the ISOs created by themselves
  • See all public ISOs - the user can view all public ISOs
  • See user ISOs - the user can view the ISOs created by any user in the cloud
  • Update any ISO - the user can edit any ISO in the cloud
  • Update own ISO - the user can only edit own ISO
  • Update user ISO - the user can edit  the ISOs created by any user in the cloud

For details, refer to ISOs section.

Last access log

OnApp administrators can control users' access to log. You can set the following last access log permissions for user roles:

  • Any action on last access log - the user can perform any action on last access log of any user
  • See the last access log of any user - the user can see the last access log of other users
  • See own last access log - the user can only see their own last access log

Load balancers

OnApp administrators can control users' ability to manage load balancers. This is handled through the Control Panel's Roles and Sets menu. You can set the following load balancer permissions for user roles:

  • Any action on load balancer - the user can take any action on load balancer
  • Migrate any load balancer - the user can migrate any load balancer
  • Migrate own load balancer - the user can only migrate their own load balancer

For details, refer to Load Balancers section.

Load balancing clusters

OnApp administrators can control users' ability to manage load balancing clusters. This is handled through the Control Panel's Roles and Sets menu. You can set the following load balancing cluster permissions for user roles:

  • Any action on load balancing cluster - the user can make any action on relation load balancing
  • Configure autoscale out parameter of load balancing cluster - the user can configure Autoscale Out when creating/updating a load balancing cluster
  • Create a new load balancing cluster - the user can create a new load balancing cluster
  • Delete any load balancing cluster - the user can delete any load balancing cluster
  • Delete own load balancing cluster - the user can only delete own load balancing clusters
  • See details of any load balancing cluster - the user can see details of any load balancing cluster
  • See details of own load balancing cluster - the user can only see details of own load balancing cluster
  • Change any load balancing cluster - the user can make changes on any load balancing cluster
  • Change own load balancing cluster - the user can only change own load balancing cluster

For details, refer to Load Balancers section.

Location Groups

OnApp administrators can control users' ability to manage location groups. You can set the following location groups permissions for user roles:

  • Any action on location groups - the user can take any action on location groups
  • Create a new location group - the user can create a new location group
  • Delete any location group - the user can attempt to delete location group

  • See all location groups - the user can see details of any location group
  • Refresh location groups - the user can refresh location groups

For details, refer to Location Groups section.

Log items

OnApp administrators can control users' ability to manage log items. You can set the following log items permissions for user roles:

  • Any action on log items - the user can take any action on log items
  • Delete any log item - the user can delete any log item
  • Delete own log item - the user can only delete their own log items
  • See list of all log items - the user can see all log items
  • See list of own log items - the user can only see their own log items
  • See details of any log item - the user can see details of any log item
  • See details of own log item - the user can only see details of their own log items

For details, refer to Logs section.

Media

OnApp administrators can control users' ability to manage Media files through the Control Panel's Roles and Sets menu. You can set the following media permissions for user roles:

  • Any action on Media - the user can take any action on media files
  • Delete any Media - the user can delete any media files
  • See any Media - the user can view any media files
  • Update any Media - the user can edit any media files


Monthly user billing statistics

OnApp administrators can control users' access to monthly user billing statistics. You can set the following user monthly bills permissions for user roles:

  • Full access to user Monthly Bills Statistics - the user has full access to user monthly bills statistics
  • See all Monthly user Bills Statistics - the user can see all user monthly bills statistics
  • See only own user Monthly Bills Statistics - the user can only see own user monthly bills statistics


Monthly user group billing statistics

OnApp administrators can control users' access to monthly user group billing statistics. You can set the following user group monthly bills permissions for user roles:

  • Full access to user group Monthly Bills Statistics - the user has full access to user group monthly bills statistics
  • See all Monthly user group Bills Statistics - the user can see all user group monthly bills statistics
  • See only own user group Monthly Bills Statistics - the user can only see own user group monthly bills statistics


Nameservers

OnApp administrators can control users' ability to manage name servers. This is handled through the Control Panel's Roles and Sets menu. You can set the following nameservers permissions for user roles:

  • Any action on nameservers - the user can take any action on nameservers
  • Create a new nameserver - the user can create a new nameserver
  • Destroy any nameserver - the user can delete any nameserver
  • See all nameservers - the user can see all nameservers
  • Update any nameserver settings - the user can edit any nameserver

Networks

OnApp administrators control how users can manage networks. This is handled through the Control Panel's Roles and Sets menu. You can set the following network permissions for user roles:

  • Any action on networks - the user can take any action on networks
  • Create a new network - the user can create a new network
  • Destroy any network - the user can delete any network
  • See all networks - the user can see all networks
  • Update any network - the user can edit any network

For details, refer to Networks Settings section.

Network zones

OnApp administrators control a user's ability to manage network zones. This is handled through the Control Panel's Roles and Sets menu. You can set the following network zone management permissions for user roles:

  • Any action on network zones - the user can take any action on network zones
  • Create a new network zone - the user can create a new network zone
  • Delete any network zone - the user can delete any network zone
  • See list of all network zones - the user can see list of all network zones
  • See details of any network zone - the user can see details of any network zone
  • Update any network zone - the user can update any network zone

For details, refer to Network Zones Settings section.

OnApp Storage

  • Manage OnApp storage - the user can access the OnApp storage settings

OAuth Providers

OnApp administrators can control users' ability to manage OAuth providers through the Control Panel's Roles and Sets menu. You can set the following OAuth providers permissions for user roles:

  • Any action on OAuth providers - the user can take any action on OAuth providers 
  • See all OAuth providers - the user can see all configured OAuth providers
  • Update any OAuth provider - the user can edit any OAuth provider

For details, refer to OAuth section.


Orchestration Models

OnApp administrators can control users' ability to manage orchestration models through the Control Panel's Roles and Sets menu. You can set the following orchestration models permissions for user roles:

  • Create new Orchestration Model - the user can create a new orchestration model
  • Delete any Orchestration Model  - the user can delete any orchestration model
  • Deploy any Orchestration Model - the user can deploy any orchestration model
  • Read any Media - the user can see any orchestration model


Org Networks

OnApp administrators control how users can manage  org networks. This is handled through the Control Panel's Roles and Sets menu. You can set the following org network permissions for user roles:

  • Any action on  org networks - the user can take any action on org networks
  • Create a new org network - the user can create a new org network
  • Destroy any org network - the user can delete any org network
  • See all org networks - the user can see all org networks
  • Update any org network - the user can edit any org network


Payments

OnApp administrators control how users can manage payments. This is handled through the Control Panel's Roles and Sets menu. You can set the following payments permissions for user roles:

  • Any action on payments - the user can take any action on payments
  • Create a new payment - the user can create a new payment
  • Destroy any payment - the user can delete any payment
  • See all payments - the user can see all payments
  • See own user payments - the user can only see their own user payments
  • See own company payments - the user can only see their own company payments ( applicable for vCloud Director users)
  • Update any payment - the user can edit any payment

For details, refer to User Payments section.

Permissions

OnApp administrators control a user's ability to manage permissions. This is handled through the Control Panel's Roles and Sets menu.

  • Any action on permissions - the user can take any action on permissions
  • Create a new permission - the user can create a new permission
  • Destroy any permission - the user can delete any permission
  • See all permissions - the user can see all permissions
  • Update any permission - the user can edit any permission


Provider Resource Pools

OnApp administrators control how users can manage provider resource pools. This is handled through the Control Panel's Roles and Sets menu. You can set the following provider resource pool permissions for user roles:

  • Any action on Provider Resource Pools - the user can take any action on provider resource pools
  • Read any Provider Resource Pool - the user can see the list of all provider resource pools


Recipes

OnApp administrators control a user's ability to manage recipes. This is handled through the Control Panel's Roles and Sets menu.

  • Any actions on Recipes - the user can take any action on recipes
  • Create new Recipes - the user can create new recipes
  • Delete any Recipe - the user can delete any recipe
  • Delete own Recipes - the user can delete own recipes
  • Edit any Recipe - the user can edit any recipe
  • Edit own Recipes - the user can edit own recipes
  • Read any Recipe - the user can read any recipe
  • Read own Recipes - the use can read own recipes

For details, refer to Recipes chapter.

Recipe Groups

  • Any action on recipe groups - the user can take any action on recipe groups
  • Create a new recipe group – the user can create a new recipe group
  • Destroy any recipe group - the user can delete any recipe group
  • See list of all recipe groups – the user can view the list of recipe groups
  • See all recipe groups – the user can view any recipe group details
  • Update any recipe group – the user can edit all recipe groups

For details, refer to Recipe Groups chapter.

Recipe Group Relations

  • Any action on recipe group relations - the user can take any action on recipe relation group
  • Create a new recipe group relation - the user can create a new recipe relation group
  • Destroy any recipe group relation - the user can delete any recipe relation group
  • See list of all recipe group relations  - the user can view the list recipe relation groups
  • See all recipe group relations – the user can see recipe relation group details
  • Update any recipe group relation – the user can edit any recipe relation group

For details, refer to Recipe Groups chapter.


Relation group templates

OnApp administrators control how users can manage relation group templates. This is handled through the Control Panel's Roles and Sets menu. You can set the following relation group templates permissions for user roles:

  • Any action on relation group templates - the user can take any action on relation group templates
  • Create a new relation group template - the user can create a new relation group template
  • Create own relation group template - the user can create his own template group
  • Destroy any relation group template - the user can delete any relation group template
  • Destroy own relation group templates - the user can delete own relation group templates
  • See all relation group templates - the user can see all relation group templates
  • See own relation group templates - the user can see his own relation group templates
  • Update price for relation group template - the user can update price for relation group template

For details, refer to Template Store and My Template Groups section.

Resource limits

OnApp administrators control how users can manage resource limits. This is handled through the Control Panel's Roles and Sets menu. You can set the following resource limits permissions for user roles:

  • Any action on resource limit - the user can take any action on resource limits
  • Create a new resource limit - the user can create a new resource limit
  • Destroy any resource limit - the user can delete any resource limit
  • See all resource limits - the user can see all resource limits
  • See own resource limits - the user can only see their own resource limits
  • Update any resource limit - the user can edit resource limits for any user account

For details, refer to Set Billing Plan Prices And Resource Limits section.


Resource Pool

OnApp administrators control how users can manage vCloud Director resource pools. This is handled through the Control Panel's Roles and Sets menu. You can set the following resource pool permissions for user roles:

  • Any action on Resource Pools - the user can take any action on resource pools
  • Delete any Resource Pools - the user can delete any resource pool
  • Read any Resource Pool - the user can see the list of all resource pools

Resource Pool Statistics

OnApp administrators control how users can manage vCloud Director resource pool statistics. This is handled through the Control Panel's Roles and Sets menu. You can set the following resource pool statistics permissions for user roles:

  • Any action on resource pool statistics - the user can take any action on any resource pool statistics
  • See all resource pools statistics - the user can see statistics for all resource pools 
  • See own resource pools statistics - the user can see statistics for own resource pools only

Restrictions Resources

OnApp administrators can control users' ability to manage restrictions resources through the Control Panel's Roles and Sets menu. You can set the following restrictions resources permissions for user roles:

  • Any actions on restrictions resources - the user can take any actions on restrictions resources while configuring restriction sets (Roles and Sets > Restrictions Sets tab > Resources)
  • See all restrictions resources - the user can see all restrictions resources while configuring restriction sets (Roles and Sets > Restrictions Sets tab > Resources)

Restrictions Sets

OnApp administrators can control users' ability to manage restrictions sets through the Control Panel's Roles and Sets menu. You can set the following restrictions sets permissions for user roles:

  • Any action on restrictions sets - the user can take any action on restrictions sets 
  • Create a new restrictions set - the user can create a new restrictions set 
  • Delete restrictions set - the user can delete any restrictions set 
  • See all restrictions sets - the user can see all restrictions sets
  • See own restrictions sets - the user can see restrictions sets assigned to his role(s)
  • Update restrictions set - the user can update any restrictions set

    For details, refer to Restrictions Sets chapter.

Roles

OnApp administrators control a user's ability to manage roles. This is handled through the Control Panel's Roles and Sets menu.

  • Any action on Roles - the user can take any action on roles
  • Create a new Role - the user can create a new role
  • Destroy any Role - the user can delete any role
  • See all Roles - the user can see all roles
  • See user's own roles - the user can see only roles assigned to them
  • Update any Role - the user can edit any role

For details, refer to Roles And Sets chapter.

SAML Identity Providers

  • Any action on SAML identity providers - the user can perform any action on SAML Identity Providers
  • Create a SAML identity provider - the user can add new Identity Provider
  • Destroy any SAML identity provider - the user can delete any Identity Provider
  • See all SAML identity providers - the user can see the list of all Identity Providers
  • Update any SAML identity provider - the user can edit any SAML Identity Provider

Schedule logs

OnApp administrators control a user's ability to manage schedule logs. This is handled through the Control Panel's Roles and Sets menu.

  • Any action on schedule logs - the user can take any action on schedule logs
  • Create a new schedule log - the user can create a new schedule log
  • Destroy any schedule log - the user can destroy any schedule log
  • See all schedule logs - the user can see all schedule logs
  • See own schedule logs - the user can only see their own schedule logs
  • Update any schedule log - the user can edit any schedule log

For details, refer to Schedules Settings section.


Schedules

OnApp administrators control users' ability to manage schedules. This is handled through the Control Panel's Roles and Sets menu. You can set the following schedule management permissions for user roles:

  • Any action on schedules - the user can take any action on schedules
  • Create a new schedule - the user can create a new schedule
  • Destroy any schedule - the user can delete any schedule
  • Destroy own schedule - the user can only delete their own schedules
  • See all schedules - the user can see all schedules
  • See own schedules - the user can only see their own schedules
  • Update any schedule - the user can edit any schedule
  • Update own schedule - the user can only edit their own schedules

For details, refer to Schedules section.

Sessions

OnApp administrators control a user's ability to drop sessions. You can set the following drop session permissions for user roles:

  • Any actions on sessions - the user can take any action on sessions
  • Drop all the existing sessions - the user can drop all the existing sessions including their own
  • Drop all the user sessions but the current - the user can delete all the sessions created under their account but their current

For details, refer to Drop Session section.

Settings

OnApp administrators control a user's ability to manage settings. This is handled through the Control Panel's Roles and Sets menu.

  • Any action on settings - the user can take any action on settings
  • Manage SSL certificate - the user can upload and update SSL certificate located under config/ssl_certificates folder
  • See read settings - the user can see all settings
  • Restart Dashboard Client - the user can restart the dashboard client
  • Update Settings - the user can edit everything in the Settings menu
  • View OnApp version - the user can navigate to version to see which version of OnApp is installed

For details, refer to OnApp Configuration chapter.

Smart Servers

OnApp administrators control how users can manage Smart Servers. This is handled through the Control Panel's Roles and Sets menu. You can set the following Smart Servers permissions for user roles:

  • Add recipe to any Smart Server the user can add recipes to any smart server
  • Add recipe to own Smart Server - the user can add recipes to own smart servers only 
  • Remove recipe from any Smart Server - the user can remove a recipe from any smart server 
  • Remove recipe from own Smart Server - the user can remove recipe from own smart server

For details, refer to Smart Servers chapter. 


SSH keys

OnApp administrators control how users can manage SSH keys. This is handled through the Control Panel's Roles and Sets menu. You can set the following SSH keys permissions for user roles:

  • Add ssh keys for all the virtual servers - the user can add ssh keys for all the virtual servers
  • Add ssh keys for own virtual servers - the user can only add ssh keys for own virtual servers

For details, refer to Add SSH Key section.

Storage Servers

  • Any action on Storage Server - the user can take any actions on storage servers
  • Change an owner of any Storage Server - the user can change the owner of any storage server
  • Create a new Storage Server - the user can create a new storage server
  • Destroy any Storage Server - the user can delete any storage server
  • Destroy own Storage Servers - the user can delete own storage servers
  • Migrate any Storage Server - the user can migrate any storage server
  • Migrate own Storage Servers - the user can migrate own storage servers
  • Any power action on Storage Servers - the user can migrate own storage servers
  • Any power action on own Storage Servers - the user can take any power-related action on own storage servers
  • See all Storage Servers - the user can see all storage servers
  • See own Storage Servers - the user can see own storage servers
  • Read VIP status - the user can read VIP status of storage servers
  • Rebuild Network on any Storage Server - the user can rebuild network on any storage server
  • Rebuild Network on own Storage Servers - the user can only rebuild network on own storage servers
  • Set VIP status - the user can set/delete VIP status for storage servers
  • Change Suspended status for Storage Server - the user can change Suspended status for any storage server
  • Unlock any Storage Server - the user can unlock any storage server
  • Update any Storage Server - the user can update any storage server
  • Update own Storage Servers - the user can update own storage servers

For details, refer to CDN Storage Servers section.

Sysadmin tools

OnApp administrators control how users can manage sysadmin tools. This is handled through the Control Panel's Roles and Sets menu. You can set the following sysadmin tools permissions for user roles:

  • Any action Sysadmin Tools - the user can see all actions on the Sysadmin Tools menu


For details, refer to Sysadmin Tools section.

Templates

OnApp administrators control how users can manage templates. You can set the following template sets permissions for user roles:

  • Any action on templates  - the user can take any action on all templates
  • See the list of available for installation templates - the user can see all templates available for the installation from the template server (Templates > System templates > Available tab)
  • Install template upgrades - the user can install upgrades to the system templates
  • See the list of template upgrades - the user can see the upgrades for the installed system templates 
  • Create a new template - the user can create a new template
  • Destroy any template - the user can delete any template
  • Destroy own template - the user can only delete their own templates
  • Destroy user template - the user can delete any user templates
  • See the list of inactive templates -  the user can see the list of inactive templates
  • See list of active installations - the user can see the list of active template installations
  • Make any template public - the user can make any template public
  • Make own template public -  the user can only make their own templates public
  • Make user template public -  the user can make any user templates public
  • Manage own templates - the user can create and view/edit/delete their own templates
  • Manage public templates - the user can create/edit/delete/view system/public template 
  • Manage user templates - the user can create and manage user templates
  • See all templates - the user can see all templates
  • See own templates - the user can only see their own templates
  • See all public templates - the user can see all system templates including public
  • See user templates - the user can see any user templates
  • Manage recipe for any template - the user can manage recipes for any template 
  • Manage recipe for own templates - the user can manage recipes for own templates only
  • Restart failed installation - the user can restart failed template installation
  • Update any template - the user can edit any template (Templates > System templates > Edit template)
  • Update own template - the user can only edit their own templates (Templates > My templates > Edit template)
  • Update user template - the user can update user templates (Templates > User templates > Edit template

For details, refer to Templates chapter.

Template groups

OnApp administrators can control users' ability to manage image template groups. This is handled through the Control Panel's Roles and Sets menu. You can set the following image template groups permissions for user roles:

  • Any action on template group - the user can take any action on template groups
  • Create a new template group - the user can create a new template group
  • Create own template group - the user can create his own template group
  • Delete any template group - the user can delete a template group
  • Delete own template group - the user can delete his own template group
  • See details of any template group (image_template_groups.read) - the user can view template group details
  • See details of own template groups - the user can view his own template groups 
  • Update any template group (image_template_groups.update) - the user can edit any template group
  • Update own template groups - the user can edit his own template groups

For details, refer to Template Store and My Template Groups sections.

Themes

OnApp administrators control a user's ability to manage themes. You can set the following themes permissions for user roles:

  • Any action on Themes - the user can make any action on themes
  • Create Theme - the user can create new themes
  • Destroy Theme - the user can delete themes
  • Read Theme - the user can read themes
  • Update Theme - the user can make changes in themes

For details, refer to Look & Feel section.

Transactions

OnApp administrators control a user's ability to manage transactions. You can set the following transactions permissions for user roles:

  • Any action on transactions - the user can take any action on transactions
  • Cancel zombie transactions - the user can cancel transactions which run too long and are most likely failed
  • Cancel own zombie transactions - the user can cancel transactions which run too long and are most likely failed and belong to this user
  • Delete all transactions from log - the user can delete all transactions from a log
  • Delete own transactions from logs - the user can only delete their own transactions from a log
  • See list of all transactions - the user can see all transactions
  • See list of own transactions - the user can only see their own transactions
  • See details of all transactions - the user can see details of any transaction
  • See details of own transaction - the user can only see details of their own transactions

For details, refer to Virtual Server Transactions and LogsSmart Server Transactions and Logs sections.

Tunnels

OnApp administrators control how users can manage VPN tunnels. This is handled through the Control Panel's Roles and Sets menu. You can set the following tunnels permissions for user roles:

  • Any action on tunnels - the user can take any action on tunnels
  • Create tunnels for anyone - the user can create tunnels for anyone
  • Create own tunnels - the user can only create own tunnels
  • Destroy any tunnels - the user can delete any tunnels
  • Destroy own tunnels - the user can  only delete own tunnels
  • Read all tunnels - the user can see all tunnels
  • Read own tunnels - the user can only see own tunnels
  • Update all tunnels - the user can edit all tunnels
  • Update own tunnels - the user can only edit own tunnels


Users

OnApp administrators can control users' ability to manage configuration. This is handled through the Control Panel's Roles and Sets menu. You can set the following users permissions for user roles:

  • Any action on users - the user can take any action on user accounts
  • Upload avatar - the user can upload an avatar
  • Change user password - the user can change user's password
  • Change own password - the user can only change own password
  • Create any user - the user can create a new user account
  • Destroy any user - the user can delete any user account
  • Destroy own user - the user can only delete their own user account
  • Allow user to send password reminder - the user can send password reminder for other users at user profile page
  • User can login as any user - the user can login as any user
  • See all users - the user can see all user accounts
  • See all users prices - the user can see all users prices. By disabling this permission together with the See user outstanding amount and See user summary payments permissions, you can hide the payment screen on the dashboard.
  • See user backups/templates prices – the user can see users’ backups/templates prices
  • See user billing plan – the user can see users’ billing plans
  • See user hourly prices – the user can see users’ hourly prices
  • See user monthly prices – the user can see users’ monthly prices
  • See user outstanding amount – the user can see users’ outstanding amount. By disabling this permission together with the See all users prices and See user summary payments permissions, you can hide the payment screen on the dashboard.
  • See user summary payments – the user can see user’s summary payments. By disabling this permission together with the See user outstanding amount and See all users prices permissions, you can hide the payment screen on the dashboard.
  • See user total cost – the user can see users’ total cost
  • See user virtual server prices – the user can see users’ virtual server prices
  • See own users  the user can only see their own user account
  • Suspend and unsuspend users – the user can suspend/unsuspend any users
  • Unlock any user - the user can unlock any user
  • Update any user – the user can edit any user account
  • Update own user – the user can only edit their own user account
  • Generate API key – the user can generate API key for all users
  • Generate own API key – the user can only generate own key
  • Update Yubikey - the user can modify all user Yubikeys

  • Update own Yubikey - the user can modify only their own Yubikey

For details, refer to Users chapter.

User additional fields

OnApp administrators control a user's ability to create user additional fields. You should edit user profile to add necessary info to this additional field. It is regulated by Update any user permission.  You can set the following user additional fields permissions for user roles:

  • Any action on user additional fields - the user can perform any action on user additional fields 
  • Create user additional fields - the user can create user additional fields
  • Destroy any user additional fields - the user can delete any user additional fields
  • Read all user additional fields - the user can read all user additional fields
  • Update all user additional fields - the user can edit all user additional fields


For details, refer to User Additional Fields section.  

User groups

OnApp administrators control a user's ability to manage user groups. You can set the following user groups permissions for user roles:

  • Any action on user groups - the user can take any action on user groups
  • Create a new user group - the user can create a new user group
  • Destroy user group - the user can delete any user group
  • See list of all user groups - the user can see the list of all user groups
  • See details of any user group - the user can see details of any user group
  • Update any user group - the user can edit any user group

For details, refer to User Groups section.


VApps

OnApp administrators can control users' ability to manage vApps. This is handled through the Control Panel's Roles and Sets menu. You can set the following  vApps permissions for user roles:

  • Any action on vApps – the user can take any action on vApps
  • Convert vApp – the user can convert vApp into vApp Template
  • Create a new vApp – the user can create a new vApp
  • Delete any vApp – the user can destroy any vApp
  • Delete own vApps – the user can only destroy their own vApps
  • Any power action on vApps – the user can take any power actions on vApps
  • Any power action on own vApps – the user can only take power actions on their own vApps
  • Read any vApps – the user can view any vApps
  • Read own vApps – the user can only view their own vApps
  • Edit any vApp – the user can edit any vApp
  • Edit own vApps – the user can only edit their own vApps

VApp Networks

OnApp administrators control how users can manage  vApp networks. This is handled through the Control Panel's Roles and Sets menu. You can set the following vApp network permissions for user roles:

  • Any action on  vApp networks - the user can take any action on vApp networks
  • Create a new vApp network - the user can create a new vApp network
  • Destroy any vApp network - the user can delete any vApp network
  • See all vApp networks - the user can see all vApp networks
  • Update any vApp network - the user can edit any vApp network


VApp Templates

OnApp administrators can control users' ability to manage vApp templates. This is handled through the Control Panel's Roles and Sets menu. You can set the following  vApp template permissions for user roles:

  • Any action on vApp templates  – the user can take any action on vApp templates
  • Create any vApp templates – the user can create any vApp template
  • Delete any vApp templates  – the user can destroy any vApp template

vCloud Nat Rules

OnApp administrators can control users' ability to manage vCloud Director nat rules. This is handled through the Control Panel's Roles and Sets menu. You can set the following vCloud Director nat rules permissions for user roles:

  • Any action on nat rules - the user can take any action on nat rules
  • Create nat rules - the user can create a nat rule in any edge gateway
  • Delete any nat rule - the user can delete any nat rule
  • Delete own nat rules - the user can delete only own nat rules
  • See any nat rule - the user can see all nat rules
  • See own nat rules - the user can see only own nat rules
  • Edit any nat rule - the user can edit all nat rules
  • Edit own nat rules - the user can edit only own nat rules

Virtual Servers

OnApp administrators can control users' ability to manage virtual servers. This is handled through the Control Panel's Roles and Sets menu. You can set the following virtual servers permissions for user roles:

  • Any action on virtual servers – the user can take any action on virtual servers
  • Allow all virtual servers to boot from ISO - the user can boot from ISO any virtual server in the cloud
  • Allow own virtual servers to boot from ISO - the user can boot from ISO their own virtual servers only
  • Build/rebuild any virtual server - the user can build or rebuild any virtual server 
  • Build/rebuild user's own virtual server - the user can build or rebuild their own virtual servers only
  • Change an owner of any virtual server – the user can change the owner of any virtual server
  • Console to any virtual server – the user can access any virtual server via console
  • Console to own virtual server – the user can only access their own virtual server via console
  • Allow user to set CPU topology - the user can set CPU topology options for virtual server
  • Create a new virtual server – the user can create a new virtual server
  • Destroy any virtual server – the user can delete any virtual server. To delete any virtual server together with its backups, the user needs to have the Destroy any backup permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
  • Destroy own virtual server – the user can only delete their own virtual servers. To delete a virtual server together with its backups, the user needs to have the Destroy own backup permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
  • Migrate any virtual server – the user can migrate any virtual server
  • Migrate own virtual server – the user can only migrate their own virtual servers
  • Any power action on virtual servers – the user can take any power-related action on virtual servers
  • Any power action on own virtual servers – the user can only take power-related actions on their own virtual servers
  • Allow to purge content of all virtual servers - the user can purge content of any virtual server
  • Allow to purge content of own virtual servers - the user can purge content of own virtual servers only
  • Read any virtual server – the user can read any virtual server
  • Read own virtual servers – the user can only read their own virtual servers
  • Read VIP status - the user can read VIP status of virtual servers
  • Rebuild Network of any virtual server – the user can rebuild network of any virtual server
  • Rebuild Network of own virtual server – the user can only rebuild network of own virtual server
  • Manage recipes joins for all virtual servers - the user can manage recipes joins for all virtual servers
  • Manage recipes joins for own virtual servers - the user can manage recipes joins for own virtual servers

  • Report a federation problem on any virtual server - the user can report a federation problem on any virtual server

  • Report a federation problem on user's own virtual server - the user can report a federation problem on user's own virtual server

  • Reset root password of any virtual server – the user can reset the root password for any virtual server

  • Reset root password of own virtual server – the user can only reset the root password of their own virtual servers
  • Select instance package on virtual server creation - the user can select instance packages on virtual server creation
  • Select resources manually on virtual server creation - the user can select resources manually on virtual server creation
  • Set SSH keys – the user can set their own ssh keys after the virtual server is created
  • Set VIP status – the user can set/delete VIP status for virtual servers
  • Change Suspended status for virtual server – the user can change Suspended status for a virtual server
  • Unlock any virtual server – the user can unlock any virtual server
  • Update all virtual server – the user can edit any virtual server
  • Update own virtual server – the user can only edit their own virtual servers
  • Read Virtual Server's root password - the user can view any virtual servers root password
  • Read own Virtual Server's root password - the user can view their own virtual servers root password
  • Manage publications for all virtual servers - the user can manage publications for all virtual servers
  • Manage publications for own virtual servers - the user can manage their own publications only
  • Install VMWare tools - the user can install VMWare tools (applicable for vCloud Director VSs)
  • Accelerate any Virtual Server - the user can accelerate any virtual server
  • Accelerate own Virtual Servers - the user can accelerate only own virtual servers

For details, refer to Appliances section.

Virtual Server Snapshots

OnApp administrators can control user's access to VMware virtual server snapshots. You can set the following snapshot permissions:

  • Any action on Virtual Server Snapshots - the user can take any action on snapshots
  • Create or Restore own Virtual Server Snapshot - the user can create/restore own snapshots
  • Destroy own Virtual Server Snapshot - the user can delete own snapshots
  • See own Virtual Server Snapshots - the use can see the list of own snapshots

For details, refer to VMware Virtual Server Snapshots section.

Virtual Machine Statistics

OnApp administrators control user's access to virtual server statistics. You can set the following statistics permissions for user roles:

  • See Virtual Machine Statistics – the user has full access to statistics
  • See all Virtual Machines Statistics – the user can see statistics of all virtual servers
  • See own Virtual Machines Statistics – the user can only see their own statistics

For details, refer to Virtual Server Statistics section.

Virtual Server's IP Addresses

OnApp administrators can control users' ability to manage IP address joins. This is handled through the Control Panel's Roles and Sets menu. You can set the following IP address joins permissions for user roles:

  • All actions on virtual server's IP addresses - the user can take any action on virtual server IP addresses
  • Add IP address to any virtual server - the user can add an IP address to any virtual server
  • Add IP address to own virtual server - the user can only add IP addresses to their own virtual servers
  • Remove IP address from any virtual server - the user can remove an IP address from any virtual server
  • Remove IP address from own virtual server - the user can only remove IP addresses from their own virtual servers
  • See IP addresses assigned to any virtual servers - the user can see IP addresses assigned to any virtual server
  • See IP addresses assigned to own virtual servers - the user can only see IP addresses assigned to their own virtual servers

For details, refer to Virtual Server IP Addresses section.

White IPs

OnApp administrators control a user's ability to manage white IPs. You can set the following white IPs permissions for user roles:

  • Manage all White IPs for users - the user can take any action on White IPs for users
  • Create white IP for all users - the user can create any white IP
  • Create own white IP - the user can create own white IP
  • Destroy white IP for all users - the user can destroy any white IP
  • Destroy own white IPs - the user can only destroy own white IP
  • Read all white user IPs - the user can read all white IPs
  • Read own white IPs - the user can read own white IPs
  • Update white IP for all users - the user can update any white IP
  • Update own white IPs - the user can update own white IP

For details, refer to User Whitelist IPs section.

Zabbix Server

OnApp administrators can control users' ability to manage the Zabbix server. This is handled through the Control Panel's Roles and Sets menu. You can set the following Zabbix server permission for user roles:

  • Any action related to zabbix server - user can perform any action related to the Zabbix server