A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z

The list below includes all the permissions that can be set up in OnApp.

The permissions are used to determine what the OnApp users are authorized to do within the cloud. OnApp uses role-based access to specify what users can view, edit, create or remove in OnApp. Each role is a set of permissions defined for the OnApp cloud that you can assign to specific users to control user access to the cloud settings.

To set the permissions:

  1. Go to your Control Panel > Admin Roles and Sets menu.
  2. On the screen that follows, you'll see a list of all roles on your system on the following screen.
  3. Click the Actions button next to the relevant role, then click Edit.
  4. Change the role's permissions for users as required, then click the Save button.

Now, you have a user with the customized set of Permissions. For OnApp administrators, this set includes access to a wider range of OnApp functionality. OnApp administrators can control users' ability to manage different components through the Control Panel's Roles menu.

Some of the listed permissions (or permission sets) are default for the Admin and User roles in OnApp. 

 sign marks the default permissions for the predefined Admin role in OnApp.

 sign marks the default permissions for the predefined User role in OnApp.

A

Accelerators

OnApp administrators can control users' ability to manage accelerators. You can set the following accelerator permissions for user roles:

  • Any action on Accelerators - the user can take all actions listed below
  • Change an owner of any Accelerator - the user can replace the owner of any accelerator in the cloud
  • Create a new Accelerator - the user can add new accelerators to the cloud
  • Destroy any Accelerator - the user can delete any of the existing accelerators
  • Destroy own Accelerators - the user can delete only those accelerators that are in their bucket 
  • Migrate any Accelerator - the user can migrate any of the existing accelerators
  • Migrate own Accelerators - the user can migrate only those accelerators that are in their bucket
  • Any power action on Accelerators - the user can take any power-related action on accelerator
  • Any power action on own Accelerators - the user can take any power-related action only on their own accelerators
  • See all Accelerators - the user can view all accelerators currently present in the cloud
  • See own Accelerators - the user can see only those accelerators that are in their bucket
  • Rebuild Network on any Accelerator - the user can rebuild network on any of the existing accelerators
  • Rebuild Network on own Accelerators - the user can only rebuild network on own accelerators
  • Change Suspended status for any Accelerator - the user can change Suspended status for any accelerator in the cloud
  • Unlock any Accelerator - the user can unlock any of the accelerators in the cloud
  • Update any Accelerator - the user can edit any of the existing accelerators
  • Update own Accelerators - the user can edit only those accelerators that are in their bucket

For details, refer to the Accelerators section.

Activity Logs

OnApp administrators can control users' ability to manage activity logs configuration. The following activity logs for user roles can be set:

  •  Any action on Activity Logs - the user can view and destroy all activity logs
  • Destroy any Activity Logs - the user can delete activity logs
  • Destroy own Activity Logs - the user can only delete their own activity logs
  • See list of all Activity Logs - the user can see list of all activity logs
  • See list own Activity Logs - the user can only see list of their own activity logs
  • See all Activity Logs - the user can see all activity logs
  •  See all own Activity Logs - the user can only see the details of their own activity log


 Application Servers

OnApp administrators can control users' ability to manage application servers. You can set the following application servers permissions for user roles:

  •  Any action on application servers – the user can take all actions listed below
  • Change an owner of any application server – the user can replace the owner of any of the application servers in the cloud
  • Create a new application server – the user can create a new application server
  • Destroy any application server – the user can delete any application server. To delete any application server together with its backups, the user needs to have the Destroy any backup permission enabled. Otherwise, the backups of the application server deleted by the user will remain in the system.
  • Destroy own application servers – the user can only delete their own application servers. To delete an application server together with its backups, the user needs to have the Destroy own backup permission enabled. Otherwise, the backups of the application server deleted by the user will remain in the system.
  • Migrate any application server – the user can migrate any application server in the cloud
  • Migrate own application servers – the user can only migrate only those application servers that are in their bucket
  • Any power action on application servers – the user can take any power-related action on all application servers in the cloud
  • Any power action on own application servers – the user can only take power-related actions on their own application servers
  • See all application servers – the user can view any application server. If this permission is enabled, the user can manage applications deployed on any application server.
  • See own application servers – the user can only view their own application servers. If this permission is enabled, the user can manage applications deployed on their application servers
  • Read VIP status - the user can read VIP status of application servers and know which of them will have higher priority in the migration queue
  • Rebuild Network on any application server – the user can rebuild the network of any application server located in the cloud
  • Rebuild Network on own application servers – the user can only rebuild network of their own application servers
  • Set VIP status - the user can set/delete VIP status for application servers
  • Change Suspended status for application server – the user can edit Suspended status for an application server and disable or enable all the major actions on VS
  • Unlock any application server – the user can unlock any application server and edit its XML file
  • Update any application server – the user can edit any application server present in the cloud
  • Update own application servers – the user can only edit those application servers that are in their bucket

For details, refer to the Application Servers section.


 Approvals

OnApp administrators can control users' ability to approve and decline transactions. The following permissions for transaction approvals can be set:

  •  Any Actions on Approvals - the user can approve, decline and see pending status of all transactions
  • See all Approvals - the user can see if any of the transactions is pending for approval
  • Update any Approval - the user can approve or decline transactions

For details, refer to the Transaction Approvals section. 


 Autoscaling Configuration

OnApp administrators can control users' ability to manage VS autoscaling configuration. The following autoscaling permissions for user roles can be set:

  •  Any Actions with Autoscaling Configuration - the user can take all actions on autoscaling configuration listed below
  • Create Autoscaling Configuration  - the user can create autoscaling configuration for virtual servers
  • Destroy any Autoscaling Configuration  - the user can delete autoscaling configuration created by other users
  • Destroy own Autoscaling Configuration  - the user can only delete autoscaling configuration for appliances that are added to their bucket
  • Read all Autoscaling Configuration  - the user can read autoscaling configuration on all VSs in the cloud 
  • Read own Autoscaling Configuration  - the user can only read autoscaling configurations of appliances that are in their bucket 
  • Update all Autoscaling Configuration  - the user can edit autoscaling configuration on all VSs in the cloud
  • Update own Autoscaling Configuration  - the user can only edit autoscaling configuration for appliances in their bucket

For details, refer to the Autoscale Virtual Server section.


 Autoscaling Monitors

OnApp administrators can control users' access to monitis monitors. You can set the following monitis monitors permissions for user roles:

  •  Any Actions on relation autoscaling monitors - the user can perform any actions on relation monitis monitors
  • View autoscaling monitor information - the user can viewmonitis monitor information

For details, refer to the View Load Balancer Autoscaling Monitors section.


 Auto-Backup Presets

OnApp administrators can control users' ability to manage auto-backup presets configuration. The following auto-backup presets permissions for user roles can be set:

  •  Any action on auto-backup presets - the user can see and update auto-backup presets that have been backed up automatically
  • See all auto-backup presets - the user can see all auto-backup presets that have been backed up automatically
  • Update any auto-backup presets  - the user can edit any auto-backup presets that has been backed up automatically

For details, refer to the Auto-Backup Presets Settings section.

 Availability

OnApp administrators can control users' ability to access and manage the High Availability system via Settings > HA Clusters. The following permission for user roles can be set:

  •  Any action on Availability settings - a user can take any actions on High Availability general settings, hosts, clusters, communication rings, etc

For details, refer to the High Availability section.

B

Backups

OnApp administrators can control users' ability to manage backups. You can set the following backup permissions for user roles:

  • Any action on backups - the user can take all actions listed below on any backup
  • Convert any backup to template - the user can take any backup of any virtual server, and convert it to a template
  • Convert own backup to template - the users can only convert their own backups to templates
  • Create backup for own VS - the users can only create backups of  of their own virtual servers
  • Destroy own backup - the users can only delete their own backups. To delete own virtual server together with its backups, the user needs to have this permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
  • See own backups - the users can only see their own backups
  • Update own backup - the users can only edit their own backups

For details, refer to the Virtual Server Backups section.


 Backup Resources

OnApp administrators can control users ability to manage backup resources. You can set the following backup resources permissions for user roles:

  •  Any action on backup resources - the user can create, view, edit, and delete backup resources 
  • Create backup resource - the user can add a new backup resource
  • Delete any backup resource - the user can delete any backup resource
  • See any backup resource - the user can view the list of all backup resources
  • Update any backup resource - the user can edit any backup resource 

For details, refer to the Create and Manage Backup Resources section. 


Backup Resource Zones

OnApp administrators can control users ability to manage backup resource zones. You can set the following backup resource zones permissions for user roles:

  • Any action on backup resource zones - the user can create, view, edit, and delete backup resource zones
  • Create backup resource zone - the user can add a new backup resource zone 
  • Delete any backup resource zone - the user can delete any backup resource zone 
  • See any backup resource zone - the user can view the list of all backup resource zone 
  • Update any backup resource zone - the user can edit any backup resource zone 

For details, refer to the Create and Manage Backup Resource Zones section. 


Backup Resource Auto Backup Presets

OnApp administrators can control users' ability to manage auto backup presets for backup resources. You can set the following auto backup presets permissions for user roles:

  • Any action on auto backup presets - the user can create, edit, view, and delete auto backup presets 
  • Create auto backup preset - the user can add a new auto backup preset
  • Delete any auto backup preset - the user can delete any auto backup preset
  • See any auto backup preset - the user can view the list of all auto backup preset
  • Update any auto backup preset - the user can edit any auto backup preset

For details, refer to the Create and Manage Auto Backup Presets section.


Backup Servers

OnApp administrators can control users' ability to manage backup servers. You can set the following backup server permissions for user roles:

  • Any action on Backup servers - the user can create, view, edit, and delete backup servers
  • Add a new Backup server - the user can add a new backup server
  • Delete any Backup server - the user can delete any backup server
  • See all Backup servers - the user can view the list of all backup servers
  • Update any Backup server - the user can edit any backup server

For details, refer to the Backup Servers Settings section.


Backup Server Zones

OnApp administrators can control users' ability to manage backup server zones. The following backup server zone permissions for user roles can be set:

  • Any action on backup server zones - the user can create, view, edit, and delete backup server zones
  • Create a new backup server zone - the user can add a new backup server zone
  • Delete any backup server zone - the user can delete any backup server zone
  • See list of all backup server zones - the user can see list of all backup server zones
  • See details of any backup server zone - the user can view the details of any backup server zone
  • Update any backup server zone - the user can edit any backup server zone

For details, refer to the Backup Server Zones Settings section.

Base Resources

OnApp administrators can control users' ability to manage miscellaneous resources section in bucket. You can set the following base resource permissions for user roles:

  • Any action on resources - the user can create, view, edit, and delete mescelanneous resources in bucket
  • Create a new resource - the user can add a new base resource
  • Delete any resource - the user can delete any base resource
  • See list of all resources - the user can see list of all base resources
  • See details of any resource - the user can see details of any base resource

For details, refer to the Buckets section.

 Blueprints

  •  Deploy own blueprint - the user can deploy their own blueprint

Buckets

OnApp administrators can control users' ability to manage buckets. You can set the following bucket permissions for user roles:

  • Any action on buckets - the user can create, view, edit, and delete buckets
  • Create a new bucket - the user can add a new bucket
  • Delete any bucket - the user can delete any bucket
  • See list of all buckets - the user can see list of all buckets
  • See details of any bucket - the user can see details (limits and prices) of any bucket
  • See own bucket - the user can only see a bucket assigned to this user

For details, refer to the Buckets section.

C

CloudBoot

OnApp administrators can control users' ability to manage CloudBoot settings. You can set the following permission:

  • Manage CloudBoot configurations - the user can manage CloudBoot settings

For details, refer to the CloudBoot Compute Resources section.

Compute Resources

OnApp administrators can control users' ability to manage Compute resources. You can set the following Compute resource permissions for user roles:

  • Any action on Compute resources - the user can take all actions listed below on compute resources
  • Create a new Compute resource - the user can add a new compute resource
  • Destroy any Compute resource - the user can delete any compute resource
  • Set maintenance mode for any compute resource - the user can set maintenance mode for any compute resource
  •  See all Compute resources - the user can see all Compute resources
  •  Show Compute resources on Virtual Server creation - display Compute resources on Add New Virtual Server screen

For details, refer to the Compute Resource Settings section.


Compute Resource Devices

OnApp administrators can control users' ability to manage compute resource devices. You can set the following compute resource devices permissions for user roles:

  • Any action on Compute Resource Devices - the user can view and edit compute resource devices
  • See all Compute Resource Devices - the user can view the list of all compute resource devices
  • Update any Compute Resource Device - the user can edit anycompute resource device

For details, refer to the Manage Compute Resource Static Hardware Devices section.

Compute Zones

OnApp administrators can control users' ability to manage compute zones. You can set the following compute zone permissions for user roles:

  • Any action on Compute zones - the user can take all actions listed below on compute zones
  • Create a new Compute zone - the user can create a new compute zone
  • Delete any Compute zone - the user can delete any compute zone
  • See list of all Compute zones - the user can see list of all compute zones
  • See details of any Compute zone - the user can see details of any compute zone
  • Show Compute Zones on Virtual server creation - display compute zones on Add New Virtual Server screen. Note: the See Details of any Compute Zone permission must be enabled for this permission to work properly.
  • Manage recipes for Compute zone - the user can manage recipes for any compute zone
  • Update any Compute zone - the user can edit any compute zone

For details, refer to the Compute Zones Settings section.

 Container Servers

  • Build/rebuild user's own container server - the user can build/rebuild their own container server
  • Console to own container server - the user can only access their own container server via console
  • Create a new container server - the user can create a new container server
  • Destroy own container servers - the user can destroy their own container servers
  • Edit own container server's cloud config - the user can only edit their own container server's cloud config
  • Migrate own container servers - the user can migrate their own container servers
  • Any power action on own container servers - the user can take any power-related action on their own container servers
  • See own container servers - the user can see their own container servers
  • Read own container server's root password - the user can read their own container server's root password
  • Rebuild network of own container server - the user can only rebuild network of their own container server
  • Manage recipes joins for own container servers - the user can manage recipes joins for their own container servers
  • Reset root password to own container server - the user can only reset the root password for their own container servers
  • Update own container servers - the user can update their own container servers


Control Panel

OnApp administrators can control users' ability to manage recipes for Control Panel. You can set the following permission:

  • Manage recipes for Control Panel - the user can manage recipes for any Control Panel

This permission will not be granted by pressing Full access button while editing the list of Permissions in the Roles section and can only be selected manually.


CPU Quota

OnApp administrators can control users' ability to manage CPU quota. You can set the following CPU quota permissions for user roles:

  • Manage CPU Quota - the user can enable/disable/edit CPU quota. Editing includes setting the default value of CPU quota on the compute resource level and editing the custom value on the virtual server level. 

For details, refer to the Set Default CPU Quota section.


Currencies

OnApp administrators can control users' ability to manage currency. You can set the following currency permissions for user roles:

  • Any action on Currencies - the user can create, edit, view, and delete currencies
  • Create new Currency - the user can add a new currency
  • Delete any Currency - the user can delete any currency
  • See list of all Currencies - the user can view the list of all currencies
  • Update all Currencies - the user can edit any currency

For details, refer to the Currencies section.

Custom Fields

OnApp administrators can control users ability to manage the Hardware Info custom fields. You can set the following custom fields permissions for user roles:

  • Any actions on Custom Fields - the user can add or edit any custom commands you want to run when a compute zone is booted

For details, refer to the Hardware Info section. 

D

Dashboard

OnApp administrators can control users' access to the dashboard. You can set the following dashboard permissions for user roles:

  • All actions on Dashboard - the user can see all available dashboard actions
  • See Alerts - the user can see alerts on the dashboard, including zombie VSs and transactions, and background processes
  • See Global Statistic - the user can see Global Dashboard statistics
  • See License Details - the user can see Dashboard Cloud Licenses' details
  • Show cloud dashboard - the user can see the cloud details on the dashboard

For details, refer to the Dashboard section.


Data Stores

OnApp administrators can control user access to datastore management. You can set the following data store permissions for user roles:

  • Any action on data_stores - the user can take all action listed below on data stores
  • Create a new data_store - the user can add a new data store
  • Destroy any data_store - the user can delete any data store
  • See all data_stores - the user can view the list of all data stores
  • Show Data Stores on Virtual Server creation - the user can see data stores during VC creation in the VS creation wizard

For details, refer to the Data Stores Settings section.


Data Store Joins

OnApp administrators can control users' ability to manage data store joins. You can set the following data store joins permissions for user roles:

  • All actions on datastores on Compute resource the user can attach and remove datastores from Compute resources and zones
  • Add Data Store to any Compute resource - the user can add a data store to any compute resource
  • Remove Data Store from any Compute resource - the user can detach a data store from any compute resource

For details, refer to Manage Compute Zone Data Stores section.


Data Store Zones

OnApp administrators can control user access to data store zones management. You can set the following data store zone permissions for user roles:

  • Any action on data store zones - the user can take all actions listed below on data store zones
  • Create a new data store zone - the user can add a new data store zone
  • Delete any data store zone - the user can delete any data store zone
  • See list of all data store zones - the user can view the list of all data store zones
  • See details of any data store zone - the user can see details of any data store zone
  •  Show Data Store Zones on Virtual Server creation - the user can see data store zones during VC creation in the VS creation wizard
  •  Update any data store zone - the user can edit any data store zone

For details, refer to the Data Store Zones Settings section.


Disks

OnApp administrators can control user access to disks management. You can set the following disks permissions for user roles:

  • Any action on disks - the user can take all actions listed below on disks
  • Assign any disk to VS -  the user can assign the disks of any users to another VS of that user
  • Assign own disk to VS -  the user can assign own disks to another own VS
  • Auto-backup for any disk - the user can schedule automatic backups on the disks of any users' virtual servers
  • Auto-backup for own disk - the user can only schedule automatic backups on the disks of their own virtual servers
  • Create a new disk - the user can create a new disk
  • Destroy any disk - the user can delete any disks
  • Destroy own disk - the user can only delete the disks of their own virtual servers
  •  Migrate any disk - the user can migrate the disks of any users' virtual servers
  •  Migrate own disks - the user can only migrate the disks of their own virtual servers
  • See all disks - the user can see all the disks of any users' virtual servers
  • See own disks - the user can only see the disks of their own virtual servers
  • Unlock any disk - the user can unlock any disk
  • Update any disk - the user can edit the disks of any users' virtual servers
  • Update own disk - the user can only edit the disks of their own virtual servers

For details, refer to the Virtual Server Disks section.


DRaaS

OnApp administrators can control users' ability to manage DRaaS. You can set the following DRaaS permissions for user roles:

  • Any action related to DRaaS - the user can take any action related to DRaaS such as enable DRaaS on the cloud and enable DRaaS for virtual servers

E

 Edge Groups

  •  See all edge groups - the user can see all edge groups   

F

Firewall Rules

OnApp administrators can control users' ability to manage firewall rules. You can set the following firewall rules permissions for user roles:

  • Any Action on Firewall Rules - the user can create, view, edit, and delete all firewall rules
  • Create Firewall Rules for anyone - the user can add firewall rules for anyone
  • Create own Firewall Rules - the user can only create firewall rules for appliances in their own bucket
  • Destroy own Firewall Rules - the user can only delete firewall rules for appliances in their own bucket
  • Read own Firewall Rules - the user can only view firewall rules for appliances in their own bucket
  • Update own Firewall Rules - the user can only edit firewall rules for appliances in their own bucket

Be aware that additionally the following permissions should be enabled before setting firewall rules for your virtual server:

Update own virtual server – the user can only edit their own virtual servers
Read own virtual servers – the user can only read their own virtual servers

For details, refer to the Set Virtual Server Firewall Rules section.

 Federation failed action

  • Clean own federation failed actions - the user can clean their own federation failed actions
  •  Read own federation failed actions - the user can read their own federation failed actions

G

Global Search

OnApp administrators can control user access to global search. You can set the following global search for user roles:

  • Global search - global search through the whole database

For details, refer to the Cloud Search Tool section.


Groups

This set of permissions is reserved for future use and currently is not used. Enabling or disabling those permissions will not affect the system in any way.

H

Hardware Info

OnApp administrators can control user access to hardware information that is available for all compute resources and backup servers in the Settings menu. The access to the Hardware Info page for a particular compute resource or backup server is controlled under the See all compute resources/See all backup servers and Update any compute resource/Update any backup server permissions. 

You can set the following hardware info permissions for user roles:

  • See all Hardware Info - the user can see all hardware information in the Settings menu

For details, refer to the Hardware Info section.


Help

OnApp administrators can control user access to help section. You can set the following permissions for user roles:

  • All actions on Help - the user can take any action under the Help menu
  • Send Support requests - the user can send support requests from the Help menu

For details, refer to Help chapter.

I

Instance Packages

OnApp administrators can control user access to instance packages. You can set the following permissions for user roles:

  • Any action on instance packages - the user can create, view, edit, and delete instance packages

  • Create instance package - the user can add a new instance package

  • Delete any instance package - the user can delete any instance package

  • See all instance packages - the user can see all instance packages

  • Update any instance package - the user can edit any instance package

For details, refer to the Instance Packages section.


Internationalization

OnApp administrators can control user access to internationalization locales. You can set the following permission:

  • Edit Internationalization Locales - the user can view and edit all non-English language phrases

For details, refer to the Localization and Customization section.


IO Limiting

OnApp administrators can control user access to IO limiting. You can set the following permissions:

  • Any actions on IO limits - the user can update all IO limits for disks and data stores
  • Update any IO limits - the user can update IO limits for any disks and data stores
  • Update own IO limits - the user can update IO limits for own disks

For details on IO limiting, refer to the Edit Data Store IO Limits section.


IO Statistics

OnApp administrators can control user access to IOPS statistics. You can set the following permissions:

  • Full access to IO Statistics - the user has full access to Input/Output Operations VS disk statistics
  • See all IO Statistics - the user can view all charts with IO Statistics
  • See own IO Statistics - the user can see IO Statistics only for those VS disks that belong to them


For details on IO Statistics, refer to the View Disk IOPS section.


IP Addresses

OnApp administrators can control users' ability to manage IP addresses. You can set the following IP address permissions for user roles:

  • Any action on IP addresses - the user can take all actions listed below on IP addresses
  • Assign IP address to user - the user can assign IP address to user
  • Create a new IP address - the user can add a new IP address
  • Destroy any IP address - the user can delete any IP address
  • See all IP addresses - the user can see all IP addresses

For details, refer to the Assign/Unassign IP Address to User section.


IP Nets

OnApp administrators can control users' ability to manage IP nets. You can set the following IP nets permissions for user roles:

  • All actions on IP Nets - the user can take all action listed below on IP net

  • Add IP Nets to any network - the user can add an IP net to any network

  • Add IP net to own networks - the user can only add IP net to their own networks
  • Remove IP Nets from any network - the user can remove an IP net from any network
  • Remove IP nets from own networks - the user can only remove IP net from their own networks
  • View IP Nets assigned to any network - the user can see IP nets assigned to any network

For details, refer to IP Nets section. 


IP Ranges

OnApp administrators can control users' ability to manage IP ranges. You can set the following IP ranges permissions for user roles:

  • All actions on IP Ranges - the user can take all actions listed below on IP ranges
  • Add IP Ranges to any IP Net - the user can add an IP range to any IP net
  • Add IP Ranges to own IP Nets - the user can only add IP range to their own IP nets
  • Remove IP Ranges from any IP Net - the user can remove an IP range from any IP net
  • Remove IP Ranges from own IP Nets - the user can only remove IP range from their own IP nets
  • View IP Ranges assigned to any IP Net - the user can see IP ranges assigned to any IP net

For details, refer to IP Ranges section. 


ISOs

OnApp administrators can control users' ability to manage ISOs. You can set the following ISO permissions for user roles:

  • Any action on ISOs - the user can take any action on ISOs
  • Create a new ISO - the user can create a new ISO
  • Destroy any ISO - the user can delete any ISO (own, user, and public)
  • Destroy own ISO - the user can only delete own ISO 
  • Destroy user ISO - the user can delete ISOs created by any user, but not public ISOs 
  • Make any ISO public - the user can make public any ISO available to all users
  • Make own ISO public - the user can make public own ISOs only
  • Make user ISO public - the user can make public ISOs created by any user 
  • Create and manage own ISOs - the user can create and edit/delete/view own ISOs
  • Manage all ISOs - the user can manage own/user/public ISOs
  • Create and manage user ISOs - the user can view/create/edit/delete ISOs created by any user
  • See all ISOs - the user can view all ISOs in the cloud
  • See own ISOs - the user can only view the ISOs created by themselves
  •  Read all public ISOs - the user can view all public ISOs

For details, refer to the Manage ISOs section.

J

K

L

Last Access Log

OnApp administrators can control users access to logs. You can set the following last access log permissions for user roles:

  • Any action on last access log - the user can view information on all the IP addresses that logged in to his account together with the time and date of last access
  • See the last access log of any user - the user can see the last access log of other users
  • See own last access log - the user can only see their own last access log


Load Balancers

OnApp administrators can control users' ability to manage load balancers. You can set the following load balancer permissions for user roles:

  • Any action on load balancer - the user can create and manage load balancers
  • Migrate any load balancer - the user can migrate any load balancer
  • Migrate own load balancer - the user can only migrate their own load balancer

For details, refer to the Load Balancers section.


Load Balancing Clusters

OnApp administrators can control users' ability to manage load balancing clusters. You can set the following load balancing cluster permissions for user roles:

  • Any action on load balancing cluster - the user can take all actions listed below on load balancing clusters
  • Configure autoscale out parameter of load balancing cluster - the user can configure Autoscale Out when creating/updating a load balancing cluster
  • Create a new load balancing cluster - the user can create a new load balancing cluster
  • Delete own load balancing cluster - the user can only delete own load balancing clusters
  • See details of own load balancing cluster - the user can only see details of own load balancing cluster
  • Change own load balancing cluster - the user can only change own load balancing cluster

For details, refer to the Load Balancers section.


Location Groups

OnApp administrators can control users' ability to manage location groups. You can set the following location groups permissions for user roles:

  • Any action on location groups - the user can create, view, refresh, and delete location groups
  • Create a new location group - the user can add a new location group
  • Delete any location group - the user can attempt to delete location group

  • See all location groups - the user can see details of any location group
  • Refresh location groups - the user can refresh location groups

For details, refer to the Location Groups section.

Log Items

OnApp administrators can control users' ability to manage log items. You can set the following log items permissions for user roles:

  • Any action on log items - the user can view and delete any log items
  • Delete any log item - the user can delete any log item
  • Delete own log item - the user can only delete their own log items
  • See details of own log item - the user can only see details of their own log items

For details, refer to the Logs section.

M

Media

OnApp administrators can control users' ability to manage Media files.You can set the following media permissions for user roles:

  • Any action on Media - the user can delete, view, and edit media files
  • Delete any Media - the user can delete any media files
  • See any Media - the user can view any media files
  • Update any Media - the user can edit any media files


Messaging: Deliveries

OnApp administrators can control users' access to messaging deliveries. You can set the following messaging deliveries permissions for user roles:

  • Any action on deliveries - the user can view and delete notifications deliveries
  • See all deliveries - the user can see all deliveries

For details, refer to the Deliveries section.


Messaging: Events

OnApp administrators can control users' access to messaging events. You can set the following messaging events permissions for user roles:

  • Any action on events - the user can view and add messaging events
  • Add a new event - the user can add new messaging events
  • See all events - the user can see all messaging events

For details, refer to the Events section.


Messaging: External Recipients

OnApp administrators can control users' access to external recipients. You can set the following external recipients permissions for user roles:

  • Any action on external recipients - the user can perform any action on external recipients
  • Add a new external recipient - the user add new external recipients
  • Delete external recipient - the user can delete any external recipients
  • See all external recipients - the user can see all external recipients
  • Update external recipients - the user can edit any external recipients

For details, refer to the Recipients section.

Messaging: Gateways

OnApp administrators can control users' access to messaging gateways. You can set the following messaging gateways permissions for user roles:

  • Any action on gateways - the user can view, edit, create and delete gateways
  • Add a new gateway - the user can add new messaging gateways
  • Delete gateway - the user can delete any messaging gateways
  • See all gateways - the user can see all messaging gateways
  • Update gateway - the user can edit any messaging gateways

For details, refer to the Gateways section.


Messaging: Notifications

OnApp administrators can control users' access to messaging notifications. You can set the following messaging notifications permissions for user roles:

  •  Any action on notifications - the user can view, enable, and disable messaging notifications

For details, refer to the Notifications  section.



Messaging: Notification Templates

OnApp administrators can control users' access to messaging notification templates. You can set the following messaging notification templates permissions for user roles:

  • Any action on notification templates - the user can perform any action on notification templates
  • Add a new notification template - the user can add new notification templates
  • Delete notification template - the user can delete any notification templates
  • See all notification templates - the user can view all notification templates
  • Update notification template - the user can edit any notification templates

For details, refer to the Notification Templates section.


Messaging: Recipients Lists

OnApp administrators can control users' access to recipients lists. You can set the following recipients lists permissions for user roles:

  • Any action on recipients lists - the user can view, edit, create and delete recipients lists 
  • Add a new recipients list - the user can add new recipients lists
  • Delete recipients lists - the user can delete any recipients lists
  • See all recipients lists - the user can see all recipients lists
  • Update recipients lists - the user can edit any recipients lists

For details, refer to the Recipients section.


Messaging: Subscriptions

OnApp administrators can control users' access to messaging subscriptions. You can set the following subscriptions permissions for user roles:

  • Any action on recipients subscriptions - the user can view, create and delete messaging subscriptions
  • Add a new subscription - the user can add new messaging subscriptions
  • Delete subscription - the user can delete any subscriptions
  • See all subscriptions - the user can view all subscriptions

For details, refer to Subscriptions section.


Monthly User Billing
 Statistics

OnApp administrators can control users' access to monthly user billing statistics. You can set the following user monthly bills permissions for user roles:

  • Full access to user Monthly Bills Statistics - the user has full access to monthly bills statistics of all users
  • See all Monthly user Bills Statistics - the user can see all user monthly bills statistics
  • See only own user Monthly Bills Statistics - the user can only see own user monthly bills statistics


Monthly User Group Billing Statistics

OnApp administrators can control users' access to monthly user group billing statistics. You can set the following user group monthly bills permissions for user roles:

  • Full access to user group Monthly Bills Statistics - the user has full access to user group monthly bills statistics
  • See all Monthly user group Bills Statistics - the user can see all user group monthly bills statistics
  • See only own user group Monthly Bills Statistics - the user can only see own user group monthly bills statistics

N

Nameservers

OnApp administrators can control users' ability to manage name servers. You can set the following nameservers permissions for user roles:

  • Any action on nameservers - the user can view, edit, create and delete nameservers
  • Create a new nameserver - the user can create a new nameserver
  • Destroy any nameserver - the user can delete any nameserver
  • See all nameservers - the user can see all nameservers

Networks

OnApp administrators control how users can manage networks. You can set the following network permissions for user roles:

  • Any action on networks - the user can take all actions listed below on networks
  • Add new network - the user can create a new network. This permission also controls the user's ability to create IP nets and IP ranges.
  • Add new own network - the user can create a new own network
  • Delete network - the user can delete a network
  • Delete own network - the user can delete own network
  • Show Networks on Virtual Server creation - the user can see networks in a VS creation wizard 
  • See all networks - the user can see all networks

 Network Joins

OnApp administrators can control users' ability to manage network joins. You can set the following network joins permissions for user roles:

  • All actions on network joins - the user can attach or detach all/own networks to a compute resource or a compute zone
  • Attach network to any compute resource or a compute zone - the user can attach all/own networks to any compute resource or a compute zone
  • Detach network from any compute resource or a compute zone - the user can detach all/own networks from any compute resource or a compute zone

For details, refer to Manage Compute Zone Networks section.


Network Zones

OnApp administrators control a user's ability to manage network zones. You can set the following network zone management permissions for user roles:

  • Any action on network zones - the user can take all actions listed belos on network zones
  • Create a new network zone - the user can create a new network zone
  • Delete any network zone - the user can delete any network zone
  • Show Network Zones on Virtual Server creation - the user can see network zones in a VS creation wizard 
  • See list of all network zones - the user can see list of all network zones
  • See details of any network zone - the user can see details of any network zone
  • Update any network zone - the user can update any network zone

For details, refer to the Network Zones section.

O

OnApp Storage

OnApp administrators can control users' ability to manage OnApp Storage. You can set the following OnApp Storage management permission for user roles:

    • Manage OnApp storage - the user can access and manage the OnApp storage settings
    • Override Integrated Storage cache settings - the user can override Integrated Storage cache settings

For details, refer to the Storage Settings section.


OAuth Providers

OnApp administrators can control users' ability to manage OAuth providers. You can set the following OAuth providers permissions for user roles:

  • Any action on OAuth providers - the user can view, configure, and edit all OAuth providers  

  • See all OAuth providers - the user can see all configured OAuth providers
  • Update any OAuth provider - the user can edit any OAuth provider

For details, refer to the OAuth section.

OVAs

OnApp administrators can control users' ability to manage OVAs. You can set the following OVA permissions for user roles:

  • Any action on OVAs - the user can take all actions listed below on OVAs:
  • Create a new OVA - the user can add a new OVA to the cloud
  • Destroy any OVA - the user can delete any OVA (own, user, and public)
  • Destroy own OVA - the user can only delete own OVA
  • Destroy user OVA - the user can delete OVAs created by any user, but not public OVAs 
  • Make any OVA public - the user can make any OVA available to all users in the cloud
  • Make own OVA public - the user can make available to all users only own OVAs 
  • Create and manage OVAs - the user can create and edit/delete/view OVAs
  • Manage public OVAs - the user can manage public OVAs
  • Create and manage user OVAs - the user can view/create/edit/delete OVAs created by any user
  • See all OVAs - the user can see the list of all OVAs in the cloud
  • See own OVAs - the user can only view the OVAs created by themselves
  • Read all public OVAs - the user can see the list of all public OVAs
  • See user OVAs - the user can see the list of the OVAs created by any user in the cloud
  • Unlock any OVA -  the user can unlock any OVA locked for the time period while it is being converted to make editing and deleting  instantly available
  • Update any OVA - the user can edit any OVA in the cloud (change label, version, and other details, depending on the virtualization type)
  • Update own OVA - the user can only edit own OVA (change label, version, and other details, depending on the virtualization type)
  • Update user OVA - the user can edit  the OVAs created by any user in the cloud (change label, version, and other details, depending on the virtualization type)
  • Manage System Service Add-ons - the user can assign to an OVA all the system service add-ons in the cloud
  • Manage own System Service Add-ons -  the user can assign to an OVA only own system service add-ons

For details, refer to the OVAs section.

P

Payments

OnApp administrators control how users can manage payments. You can set the following payments permissions for user roles:

  • Any action on payments - the user can take any action on payments
  • Create a new payment - the user can create a new payment
  • Destroy any payment - the user can delete any payment
  • See all payments - the user can see all payments
  • See own user payments - the user can only see their own user payments

    Please note that if a user has See own company payments permission enabled but does not have a VMware integration, they will see all the payments in the cloud.

  • See own company payments - the user can only see all the payments of their user group
  • Update any payment - the user can edit any payment

For details, refer to the User Payments section.


Permissions

OnApp administrators control a user's ability to manage permissions. You can set the following permissions for user roles:

  • Any action on permissions - the user can create, edit, view and delete permissions
  • Create a new permission - the user can add new permissions
  • Destroy any permission - the user can delete any permission within the cloud
  • See all permissions - the user can see the list of all permissions in the cloud
  • Update any permission - the user can edit any permission within the cloud

For details, refer to the OnApp Permissions section.

Q

R

Recipes

OnApp administrators control a user's ability to manage recipes. You can set the following permissions:

  • Any actions on Recipes - the user can create, edit, view and delete all recipes
  • Create new Recipes - the user can add a new recipes  
  • Delete own Recipes - the user can delete own recipes
  • Edit own Recipes - the user can edit own recipes
  • Read own Recipes - the user can read own recipes

For details, refer to the Recipes section.


Recipe Groups

OnApp administrators control a user's ability to manage recipe groups. You can set the following recipe groups permissions for user roles:

  • Any action on recipe groups - the user can create, edit, view and delete recipe groups
  • Create a new recipe group – the user can create a new recipe group
  • Destroy any recipe group - the user can delete any recipe group
  • See all recipe groups – the user can view the list of recipe groups

For details, refer to the Recipe Groups section.


Recipe Group Relations

OnApp administrators control how users can manage recipe group relations. You can set the following recipe group relations permissions for user roles:

  • Any action on recipe group relations - the user can add recipes to a group or child group and manage the structure in the groups
  • Create a new recipe group relation -the user can add recipes to groups and create child groups
  • Destroy any recipe group relation - the user can remove any recipe from a group
  • See all recipe group relations  - the user can view the list of recipe groups and their structure

For details, refer to the Recipe Groups section.


Recovery Points 

OnApp administrators control how users can manage recovery points for virtual servers with the assigned backup resources. You can set the following permissions for user roles:

  • Any action on recovery points the user can take all actions listed below on recovery point
  • Create any recovery point - the user can create a recovery point for any VS
  • Create own recovery point - the user can create a recovery point for the VSs that are in their bucket 
  • See any recovery point - the user can see a recovery point for any VS
  • See own recovery point - the user can see a recovery point for the VSs that are in their bucket 
  • See any recovery point size - the user can see a recovery point size for any VS
  • See own recovery point size - the user can see a recovery point size for the VSs that are in their bucket 
  • Restore any recovery point - the user can restore any VS from a recovery point
  • Restore own recovery point - the user can restore the VSs that are in their bucket from a recovery point

For details, refer to the Recovery Points section.


Relation Group Templates

OnApp administrators control how users can manage relation group templates. You can set the following relation group templates permissions for user roles:

  • Any action on relation group templates - the user can add templates to a group or child group and manage the structure in the groups

  • Create a new relation group template - the user can add all templates in the cloud to groups and create child groups
  • Create own relation group template - the user can add only their own templates to groups 
  • Destroy any relation group template - the user can remove any template in the cloud from a group or child group 
  • Destroy own relation group templates - the user can remove only their own template from a group or child group 
  • See all relation group templates - the user can see all template groups and child groups
  • See own relation group templates - the user can see only their own template groups and child groups
  • Update price for relation group template - the user can update price for template groups

To establish full control over templates and template groups, refer to the corresponding sections on this page. For details, refer to the Template Store and My Template Groups sections.


Resource Diff

OnApp administrators control how users can manage resource differences. You can set the following resource differences permissions for user roles:

  • Any actions on resource diff - the user can view the changes which a resource has undergone (e.g disk resize), both the old and the new value of the resource.
  • See any Resource Diff - the user can view the list of all resource differences in the cloud
  • See own Resource Diff - the user can view the changes to resources of only their objects

For details, refer to Sysadmin section.


Resource Limits

OnApp administrators control how users can manage resource limits. You can set the following resource limits permissions for user roles:

  • Any action on resource limit - the user can create, edit, view and delete resource limits
  • Create a new resource limit - the user can add new resource limits
  • Destroy any resource limit - the user can delete any resource limit
  • See all resource limits - the user can see the list of all resource limits in the cloud
  • See own resource limits - the user can only see their own resource limits
  • Update any resource limit - the user can edit resource limits for any user account in the cloud

For details, refer to Configure Resource Allocation and Prices section.


Restrictions Resources

OnApp administrators can control users' ability to manage restrictions resources. You can set the following restrictions resources permissions for user roles:

  • Any actions on restrictions resources - the user can set restriction on any resource while configuring restriction sets 
  • See all restrictions resources - the user can see the list of all restrictions resources while configuring restriction sets 

For details, refer to the List of Restrictions Resources section.


Restrictions Sets

OnApp administrators can control users' ability to manage restrictions sets. You can set the following restrictions sets permissions for user roles:

  • Any action on restrictions sets - the user can take any action on restrictions sets 
  • Create a new restrictions set - the user can create a new restrictions set 
  • Delete restrictions set - the user can delete any restrictions set 
  • See all restrictions sets - the user can see all restrictions sets
  • See own restrictions sets - the user can see restrictions sets assigned to his role(s)
  • Update restrictions set - the user can update any restrictions set

For details, refer to the Restrictions Sets section.


Roles

OnApp administrators control a user's ability to manage roles. You can set the following permissions:

  • Any action on Roles - the user can create, edit, view and delete roles
  • Create a new Role - the user can create a new role
  • Destroy any Role - the user can delete any role
  • See all Roles - the user can see all roles
  • See user's own roles - the user can see only roles assigned to them

For details, refer to the Roles section.

S

SAML Identity Providers

OnApp administrators control a user's ability to manage identity providers. You can set the following SAML identity providers' management permissions for user roles:

  • Any action on SAML identity providers - the user can perform any action on SAML Identity Providers
  • Create a SAML identity provider - the user can add new Identity Provider
  • Destroy any SAML identity provider - the user can delete any Identity Provider
  • See all SAML identity providers - the user can see the list of all Identity Providers
  • Update any SAML identity provider - the user can edit any SAML Identity Provider

For details, refer to the Manage Identity Providers section.

Schedule Logs

OnApp administrators control a user's ability to manage schedule logs. You can set the following permissions:

  • Any action on schedule logs - the user can create, edit, view and delete schedule logs
  • Create a new schedule log - the user can add new schedule logs
  • Destroy any schedule log - the user can destroy any schedule log
  • See all schedule logs - the user can see all schedule logs in the cloud
  • See own schedule logs - the user can only see their own schedule logs
  • Update any schedule log - the user can edit any schedule log in the cloud

For details, refer to the Schedules Settings section.


Schedules

OnApp administrators control users' ability to manage schedules. You can set the following schedule management permissions for user roles:

  • Any action on schedules - the user can create, edit, view and delete schedules
  • Create a new schedule - the user can add new schedules
  • Destroy any schedule - the user can delete any schedule in the cloud
  • Destroy own schedule - the user can only delete their own schedules
  • See all schedules - the user can see all schedules
  • See own schedules - the user can only see their own schedules
  • Update any schedule - the user can edit any schedule
  • Update own schedule - the user can only edit their own schedules

For details, refer to the Schedules Settings section.

SDN Managers

OnApp administrators control how users can manage SDN managers. You can set the following permission:

  • Any action on SDN Managers - the user can create and manage SDN managers

For details, refer to the SDN Managers section.


SDN Networks

OnApp administrators control how users can manage SDN networks. You can set the following permissions:

  • Any action on SDN Networks - the user can create and manage SDN networks

For details, refer to the SDN Networks section.


Service Add-ons

OnApp administrators control users' ability to manage service add-ons. You can set the following service add-on management permissions for user roles:

  • Any actions on Service Add-ons -  the user can view, create, edit and delete service add-ons
  • Create new Service Add-ons - the user can add new service add-ons 
  • Delete Service Add-ons - the user can delete any service add-ons within the cloud
  • Delete own Service Add-ons - the user can delete only their own service add-ons  
  • Edit any Service Add-on - the user can edit all service add-ons within the cloud: change label, description, icon, compatible OS, or make service add-on available in VS Creation wizard
  • Edit own Service Add-ons - the user can edit only their own service add-ons
  • Read all Service Add-ons - the user can view all service add-ons within the cloud
  • Read own Service Add-ons - the user can view the list of only their own service add-ons 

For details, refer to the Service Add-ons section.


Service Add-on Groups

OnApp administrators control users' ability to manage service add-on groups. You can set the following service add-on group management permissions for user roles:

  • Any action on Service Add-on Groups -  the user can take all actions listed below on service add-on groups - view, create, edit and delete service add-on groups
  • Create a new Service Add-on group - the user can add new service add-on groups and add child service add-on groups 
  • Destroy any Service Add-on group - the user can delete any service add-on group within the cloud
  • Destroy own Service Add-on group  - the user can delete only their own  service add-on groups 
  • See all Service Add-on groups - the user can view the list of all service add-on groups within the cloud
  • Manage any Service Add-on group - the user can manage a Service Add-on group: edit a service add-on group, assign a particular service add-on to a service add-on group, remove service add-on from the service add-on group, edit service add-on price.

For details, refer to the Manage Service Add-on Store section.


Service Catalog

OnApp administrators control users' ability to access the service catalog. You can set the following service catalog permission for user roles:

  • Any action related to service catalog - user can  take any action related to the service catalog  

For details, refer to the Service Catalog section.


Service Insertion Groups

OnApp administrators control users' ability to access the service insertion groups. You can set the following service insertion groups permissions for user roles:

  • Any action on Service Insertion Groups - the user can create, edit, view and delete service insertion groups
  • Create new Service Insertion Group - the user can create a new service insertion group
  • Destroy any Service Insertion Group - the user can delete any service insertion group

For details, refer to the Service Insertion Framework Configuration section.


Service Insertion Pages

OnApp administrators control users' ability to access the service insertion pages. You can set the following service insertion pages permissions for user roles:

  • Any action on Service Insertion Pages the user can create, edit, view and delete service insertion pages
  • Create new Service Insertion Page - the user can create a new service insertion page
  • Destroy any Service Insertion Page - the user can delete any service insertion page

For details, refer to the Service Insertion Framework Configuration section.


Sessions

OnApp administrators control a user's ability to drop sessions. You can set the following drop session permissions for user roles:

  • Any actions on sessions -  the user can terminate a session because they can’t get to a PC or have a bad connection
  • Drop all the existing sessions - the user can drop all the existing sessions including their own
  • Drop all the user sessions but the current - the user can delete all the sessions created under their account but their current

For details, refer to the View User Account Details section.


Settings

OnApp administrators control a user's ability to manage settings. You can set the following permissions:

  • Any action on settings -  the user can take all actions listed below on settings
  • Manage SSL certificate - the user can upload and update SSL certificate located under config/ssl_certificates folder
  • See read settings - the user can view general OnApp configuration
  • Restart Dashboard Client - the user can Restart License Client (necessary in such cases as changing license key)
  • Update Settings - the user can edit general OnApp configuration
  • View OnApp version - the user can check which version of OnApp is installed

For details, refer to the OnApp Configuration section.


Smart Servers

OnApp administrators control how users can manage smart servers. You can set the following smart servers permissions for user roles:

  • Add recipe to any Smart Server - the user can add recipes to any smart server within the cloud
  • Add recipe to own Smart Server - the user can add recipes to their own smart servers only 
  • Remove recipe from any Smart Server - the user can remove a recipe from any smart server within the cloud
  • Remove recipe from own Smart Server - the user can remove recipe from their own smart server

For details, refer to the Smart Servers section. 


SSH Keys

OnApp administrators control how users can manage SSH keys. You can set the following SSH keys permissions for user roles:

  • Add ssh keys for all the virtual servers- the user can add SSH keys for all the virtual servers. Enabling this permission means that the keys are configured in Settings > SSH keys and are added to all VSs in the cloud every time a user creates a new VS or runs Set SSH keys for their VS. Therefore, we recommend enabling this permission only for those users that might really need it, namely, administrators.
  • Add ssh keys for own virtual servers - the user can only add SSH keys for own virtual servers. Enabling this permission means that the keys won't be added to Settings > SSH keys and will be added to the VSs that belong to this particular user only.

For details, refer to the Create and Manage User Accounts section.


Sysadmin Tools

OnApp administrators control how users can manage sysadmin tools. You can set the following sysadmin tools permissions for user roles:

  • Any action Sysadmin Tools - the user can take any action on the items in the Sysadmin Tools menu, including operating Background Task Daemon, running Availability Check, and see the list of Running Processes.


For details, refer to the Sysadmin section.

T

Templates

OnApp administrators control how users can manage templates. You can set the following template sets permissions for user roles:

  • Any action on templates  - the user can take all actions listed below on all templates
  • See the list of available for installation templates - the user can see all templates available for the installation from the template server 
  • Install template upgrades - the user can install upgrades to the system templates
  • See the list of template upgrades - the user can see the upgrades for the installed system templates 
  • Create a new template - the user can add new templates
  • Destroy any template - the user can delete any template within the cloud
  • Destroy own template - the user can only delete their own templates
  • Destroy user template - the user can delete any user templates (created by backing up an existing virtual server, and converting that backup to a template)
  • See the list of inactive templates -  the user can view the list of inactive templates
  • See list of active installations - the user can view the list of active template installations
  • Make any template public - the user can make any template public
  • Make own template public -  the user can only make their own templates public
  • Make user template public -  the user can make any user templates public (created by backing up an existing virtual server, and converting that backup to a template)
  • See user templates - the user can see all user templates (those created by backing up an existing virtual server, and converting that backup to a template)
  • Manage recipe for any template - the user can manage recipes for any template: assign recipes to a template and unassign it 
  • Manage recipe for own templates - the user can manage recipes for own templates only: assign recipes to a template and unassign it 
  • Restart failed installation - if template installation failed, the user can restart the installation
  • Update any template - the user can edit any template: change label, version, min disk size, etc 
  • Update own template - the user can only edit their own templates: change label, version, min disk size, etc 
  • Update user template - the user can edit user templates: change label, version, min disk size, etc 
  • Manage System Service Add-ons - the user can assign to template any system service add-on in the cloud
  • Manage own System Service Add-ons - the user can assign to templates only own system service add-ons 
  •  Manage own templates - the user can create and manage their own templates
  •  See all public templates - the user can see all public templates

For details, refer to the Templates section.


Template Groups

OnApp administrators can control users' ability to manage image template groups. You can set the following image template groups permissions for user roles:

  • Any action on template group -  the user cancreate, edit, view and delete all template groups.
  • Create a new template group - the user can add a new template group to the Template Store
  • Create own template group - the user can create his own template group in the My Template Groups menu
  • Delete any template group - the user can delete a template group
  • Delete own template group - the user can delete his own template group
  •  See details of any template group (image_template_groups.read) - the user can view template group details

For details, refer to the Template Store and My Template Groups sections.


Themes

OnApp administrators control a user's ability to manage themes. You can set the following themes permissions for user roles:

  • Any action on Themes - the user can create, edit, view and delete themes.
  • Create Theme  - the user can add new themes
  • Destroy Theme - the user can delete themes
  • Read Theme - the user can view the list of all themes in the cloud
  • Update Theme - the user can edit all themes in the cloud

For details, refer to the Look & Feel section.


Transactions

OnApp administrators control a user's ability to manage transactions. You can set the following transactions permissions for user roles:

  • Any action on transactions - the user can take all actions listed below on transactions:
  • Cancel zombie transactions - the user can cancel transactions which run too long and are most likely failed
  • Cancel own zombie transactions - the user can cancel transactions which run too long and are most likely failed and were initiated by this user
  • Delete all transactions from log - the user can delete any transaction from log
  • Delete own transactions from logs - the user can only delete their own transactions from log
  • See details of own transaction - the user can only see details of their own transactions

For details, refer to the Virtual Server Transactions and Logs and Smart Server Transactions and Logs sections.

U

Users

OnApp administrators can control users' ability to manage configuration. You can set the following users permissions for user roles:

  • Any action on users - the user can take all actions listed below on user accounts in the cloud:
  • Upload avatar - the user can upload an avatar for a User Profile
  • Change user password - the user can change the password for their user account and passwords of all users within the cloud
  • Change own password - the user can only change password
  • Create any user - the user can create a new user account
  • Destroy any user - the user can delete any user account
  • Destroy own user - the user can only delete their own user account
  • Allow user to send password reminder - the user can send password reminder for other users at user profile page
  • User can login as any user - the user can log in as any user
  • See all users - the user can see all user accounts
  • See all users prices - the user can see all users prices. By disabling this permission together with the See user outstanding amount and See user summary payments permissions, you can hide the payment screen on the dashboard.
  • See user backups/templates prices – the user can see the price for the number of backups taken and templates uploaded by the user during the chosen period on the compute resource
  • See user bucket – the user can see the details of their buckets
  • See user hourly prices – the user can see the price for VSs, Load Balancers, and other resources charged for the previous hour
  • See user monthly prices – the user can see the price for VSs, Load Balancers, and other resources charged for the previous month
  • See user outstanding amount – the user can see the total amount of money owned by this user since it has been created, for all resources, minus the amount of Payments. 
  • See user summary payments – the user can see user’s summary payments.
  • See user total cost – the user can see users’ total cost
  • See user virtual server prices – the user can see the total due for all the VSs minus Backups/Templates Cost (if any) for the predefined period
  • See own users  the user can only see their own user account
  • Suspend and unsuspend users – the user can suspend/unsuspend any users
  • Unlock any user - the user can unlock any user within the cloud
  • Update any user – the user can edit any user account
  • Update own user – the user can only edit the user accounts they created: change name, bucket, role, etc
  • Generate API key – the user can generate API key for all users
  • Generate own API key – the user can only generate an API key for their own user account
  • Update own Yubikey - the user can modify only their own Yubikey. If a user does not have this or the Update Yubikey permission enabled, they will not be able to manage YubiKeys in the user profile.
  • Update Yubikey - the user can modify all user Yubikeys. If a user does not have this or the Update own Yubikey permission enabled, they will not be able to manage YubiKeys in the user profile.
  • Disable TOTP authentication - the user can disable TOTP-based authentication for two factor authentication (2FA)

For details, refer to the Users Accounts page.


User Additional Fields

OnApp administrators control a user's ability to create user additional fields. You should edit user profile to add necessary info to this additional field. It is regulated by Update any user permission.  You can set the following user additional fields permissions for user roles:

  • Any action on user additional fields - the user can create, edit, view and delete user additional fields,
  • Create user additional fields - the user can add new custom additional fields
  • Destroy any user additional fields - the user can delete any user additional fields
  • Read all user additional fields - the user can view all user additional fields in the user profile
  • Update all user additional fields - the user can edit all user additional fields

For details, refer to the Create and Manage User Accounts section.  


User Groups

OnApp administrators control a user's ability to manage user groups. You can set the following user groups permissions for user roles:

  • Any action on user groups - the user can create, edit, view and delete user groups
  • Create a new user group -the user can add a new user group
  • Destroy user group - the user can delete any user group within the cloud
  • See list of all user groups - the user can view only the list of all user groups created within the cloud, without the details
  • See details of any user group - the user can see details of any user group
  • Update any user group - the user can edit any user group within the cloud

For details, refer to the User Groups section.

V

Virtual Routers

OnApp administrators can control users' ability to manage virtual routers. You can set the following virtual routers permissions for user roles:

  • Any actions on Virtual Routers - the user can take all actions listed below on virtual routers:
  • Change an owner of any Virtual Router - the user can grant ownership of any virtual router in the cloud to another user
  • Convert any Virtual Server to Virtual Router - the user can сonvert any virtual server to virtual router
  • Convert own Virtual Server to Virtual Router - the user can convert own virtual server to virtual router 
  • Delete any Virtual Router - the user can remove any virtual router from the cloud
  • Delete own Virtual Router - the user can remove only own virtual routers
  • Migrate any Virtual Router - the user can migrate any virtual router in the cloud 
  • Migrate own Virtual Router - the user can migrate only their own virtual router
  • Any power action on Virtual Router - the user can take any power-related action on virtual router (e.g. reboot, suspend, shut down, start up, boot from ISO)
  • Any power action on own Virtual Router - the user can take any power-related action on own virtual router (e.g. reboot, suspend, shut down, start up, boot from ISO)
  • See any Virtual Router - the user can view the list of all virtual routers in the cloud
  • See own Virtual Routers - the user can view the list only of own virtual routers
  • Rebuild network on any Virtual Router - the user can rebuild network and assign IP nets on any virtual router
  • Rebuild network on own Virtual Routers - the user can rebuild network and assign IP nets only on  own virtual routers
  • Change Suspended status for any Virtual Router - the user can change suspend and unsuspend any virtual router 
  • Unlock any Virtual Router - the user can unlock XML config for any virtual router 

For details, refer to the Virtual Routers section.


Virtual Servers

OnApp administrators can control users' ability to manage virtual servers. You can set the following virtual servers permissions for user roles:

  • Any action on virtual servers - the user can take all actions listed below on virtual servers:
  • Accelerate any Virtual Server - the user can accelerate any virtual server in the cloud
  • Accelerate own Virtual Servers - the user can accelerate only own virtual servers
  • Any action with admin note - the user can take any action with admin note
  • Edit advanced XML configuration for any VS - the user can manage advanced XML configuration for any virtual server in the cloud
  • Edit advanced XML configuration for own VS - the user can manage advanced XML configuration for their own virtual servers
  • Schedule autobackups on any virtual server - the user can schedule autobackups on any virtual server in the cloud
  • Schedule autobackups on own virtual servers - the user can schedule autobackups on their own virtual servers
  • Allow all virtual servers to boot from ISO - the user can boot from ISO any virtual server in the cloud
  • Allow own virtual servers to boot from ISO - the user can boot from ISO their own virtual servers only
  • Build/rebuild any virtual server - the user can build or rebuild any virtual server in the cloud
  •  Build/rebuild user's own virtual server - the user can build or rebuild their own virtual servers only
  • Change an owner of any virtual server - the user can change the owner of any virtual server
  • Clone any Virtual Server - the user can clone any virtual server
  • Clone own Virtual Servers - the user can clone only their own virtual server
  • Console to any virtual server - the user can access any virtual server via console
  •  Console to own virtual server - the user can only access their own virtual server via console
  • Allow user to set CPU topology - the user can set CPU typology options with virtual server
  •  Create a new virtual server - the user can add new virtual servers
  •  Destroy own virtual server - the user can only delete their own virtual servers. To delete a virtual server together with its backups, the user needs to have the Destroy own backup permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
  •  Manage publications for all virtual servers - the user can manage publications for all virtual servers
  • Manage publications for own virtual servers - the user can manage publications only for their own virtual servers
  •  See own virtual servers - the user can only view the details of their own virtual servers
  •  Read Virtual Server's root password -  the user can read virtual server's root password 
  • Read own virtual server's root password - the user can read their own virtual server's root password
  • Rebuild network of any virtual server - the user can rebuild network on any virtual server
  •  Rebuild network of own virtual server - the user can only rebuild network of own virtual server  
  •  Reset root password of own virtual server - the user can only reset the root password of their own virtual servers
  • Select resources manually on virtual server creation - the user can select resources manually on virtual server creation 
  •  Update own virtual server - the user can edit only their own virtual servers
  •  Allow own virtual servers to boot from ISO - the user can boot from ISO their own virtual servers only
  • Schedule autobackups on own virtual server - the user can schedule autobackups on their own virtual server
  • Destroy any virtual server - the user can delete any virtual server
  • Destroy own virtual server - the user can delete only their own virtual server
  • Edit any network appliance config - the user can edit any network appliance config
  • Edit own network appliance config - the user can edit only their own appliance config
  • Edit any network appliance license - the user can edit any network appliance license
  • Edit own network appliance license - the user can edit only their own network appliance license
  • Infrastructure Mode - the user can use virtual server in Infrastructure Mode
  • Manage Virsh Console - the user can set manage Virsh Console
  • Migrate any virtual server - the user can migrate any virtual server
  •  Migrate own virtual server - the user can only migrate their own virtual servers
  • Move any virtual server to another federated location - the user can move any virtual server to another federated location
  • Move own virtual server to another federated location - the user can move their own virtual server to another federated location
  • Any power action on virtual servers - the user can take any power-related action on virtual servers
  •  Any power action on own virtual servers - the user can only take power-related actions on their own virtual servers
  • Allow to purge content of all Virtual Servers - the user can purge content of any virtual server
  • Allow to purge content of Own Virtual Servers - the user can purge content of their own virtual server
  • Read any virtual server - the user can read any virtual server
  • Read own virtual servers - the user can read their own virtual server
  • Read VIP status - the user can read VIP status of virtual server
  • Manage recipes joins for all virtual servers - the use can manage recipes joins for all virtual servers
  •  Manage recipes joins for own virtual servers - the user can manage recipe joins for own virtual servers
  • Report a federation problem on any virtual server - the user can report a federation problem on any virtual server
  • Report a federation problem on user's own virtual server - the user can report a federation problem on their own virtual server
  • Reset root password to any virtual server - the user can reset root password for any virtual server
  • Reset root password to own virtual server - the user can reset root password for their own virtual server
  • Select instance package on virtual server creation - the user can select instance package on virtual server creation
  • Manage Service Add-ons for all virtual servers - the user can manage Service Add-ons for all virtual servers
  • Manage Service Add-ons for own virtual servers - the user can manage Service Add-ons for their own virtual servers
  • Set Max Memory - the user can set Max Memory 
  • Set SSH keys - the user can set their own SSH key after virtual server is created
  • Set VIP status - the user can set/delete VIP status for virtual servers
  • Change suspended status for Virtual Server - the user can change suspended status for a virtual server
  • Allow insert/eject media for all virtual server - the user can insert/eject media for all virtual server
  • Allow insert/eject media for all virtual server - the user can insert/eject media for their own virtual server
  • Unlock any virtual server - the user can unlock any virtual server
  • Update all virtual server - the user can update all virtual servers
  • Update own virtual server - the user can update only their own virtual servers
  • Allow use virtual server as gateway - the user can use virtual server as a gateway for another virtual server

For details, refer to the Appliances section.

 Virtual server snapshots

  •  Create or restore own virtual server snapshot - the user can create/restore own snapshots
  •  Destroy own virtual server snapshot - the user can delete own snapshots
  •  See own virtual server snapshots - the use can see the list of own snapshots

Virtual Machine Statistics

OnApp administrators control user's access to virtual server statistics. You can set the following statistics permissions for user roles:

  • See Virtual Machine Statistics – the user has full access to view CPU utilization, billing, network interface usage, disk IOPS and accelerated virtual servers
  • See all Virtual Machines Statistics – the user can see statistics of all virtual servers in the cloud
  • See own Virtual Machines Statistics – the user can only see statistics of their own virtual servers

For details, refer to the Virtual Server Statistics section.


Virtual Server's IP Addresses

OnApp administrators can control users' ability to manage IP address joins. You can set the following IP address joins permissions for user roles:

  • All actions on virtual server's IP addresses - the user can take all the actions listed below on VS IP addresses:
  • Add IP address to any virtual server - the user can add an IP address to any virtual server
  • Add IP address to own virtual server - the user can only add IP addresses to their own virtual servers
  • Remove IP address from any virtual server - the user can remove IP addresses from any virtual servers
  • Remove IP address from own virtual server - the user can only remove IP addresses from their own virtual servers
  • See IP addresses assigned to any virtual servers - the user can see IP addresses assigned to any virtual server
  • See IP addresses assigned to own virtual servers - the user can see IP addresses assigned to their own virtual server

For details, refer to the Virtual Server IP Addresses section.

W

White IPs

OnApp administrators control a user's ability to manage white IPs. You can set the following white IPs permissions for user roles:

  • Manage all White IPs for users - the user can take all actions listed below on White IPs for users:
  • Create white IP for all users - the user can add white IP address for any user within the cloud
  • Create own white IP - the user can add a white IP address only for their own User Account
  • Destroy white IP for all users - the user can destroy any white IP of any user in the cloud
  • Destroy own white IPs - the user can only delete white IPs from their own User Account
  • Read all white user IPs - the user can view the list of all white IPs in the cloud 
  • Read own white IPs - the user can view the list of white IPs added to their User Account
  • Update white IP for all users - the user can edit all white IPs in the cloud
  • Update own white IPs - the user can edit only white IPs in their User Account

For details, refer to the User Whitelist IPs section.

X

Y

Z

Zabbix Server

OnApp administrators can control users' ability to manage the Zabbix server. You can set the following Zabbix server permission for user roles:

  • Any action related to zabbix server user can set up and manage Zabbix server