List of all OnApp Permissions

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

The list below includes all the permissions that can be set up in OnApp.

A

Accelerators

OnApp administrators can control users' ability to manage accelerators through the Control Panel's Roles menu. You can set the following accelerator permissions for user roles:

Any action on Accelerators - the user can take any actions on accelerators
Change an owner of any Accelerator - the user can change the owner of any accelerator
Create a new Accelerator - the user can create a new accelerator
Destroy any Accelerator - the user can destroy any accelerator
Destroy own Accelerators - the user can destroy own accelerators
Migrate any Accelerator - the user can migrate any accelerator
Migrate own Accelerators - the user can migrate own accelerators
Any power action on Accelerators- the user can take any power-related action on accelerator
Any power action on own Accelerators - the user can take any power-related action on own accelerators
See all Accelerators - the user can see all accelerators
See own Accelerators - the user can see own accelerators
Rebuild Network on any Accelerator - the user can rebuild network on any accelerator
Rebuild Network on own Accelerators - the user can only rebuild network on own accelerators
Change Suspended status for any Accelerator - the user can change Suspended status for any accelerator
Unlock any Accelerator - the user can unlock any accelerator
Update any Accelerator - the user can update any accelerator
Update own Accelerators - the user can update own accelerators

For details, refer to the Accelerators section.

Activity Logs

OnApp administrators can control users' ability to manage activity logs configuration through the Control Panel's Roles menu. The following activity logs for user roles can be set:

Any action on Activity Logs - the user can take any action on activity logs
Destroy any Activity Logs - the user can delete activity logs
Destroy own Activity Logs - the user can only delete their own activity logs
See list of all Activity Logs - the user can see list of all activity logs
See list own Activity Logs - the user can only see list of their own activity logs
See all Activity Logs - the user can see all activity logs
See all own Activity Logs - the user can only see their own activity logs

Application Servers

OnApp administrators can control users' ability to manage application servers. This is handled through the Control Panel's Roles menu. You can set the following application servers permissions for user roles:

Any action on application servers – the user can take any action on application servers
Change an owner of any application server – the user can change the owner of any application server
Create a new application server – the user can create a new application server
Destroy any application server – the user can delete any application server. To delete any application server together with its backups, the user needs to have the Destroy any backup permission enabled. Otherwise, the backups of the application server deleted by the user will remain in the system.
Destroy own application servers – the user can only delete their own application servers. To delete an application server together with its backups, the user needs to have the Destroy own backup permission enabled. Otherwise, the backups of the application server deleted by the user will remain in the system.
Migrate any application server – the user can migrate any application server
Migrate own application servers – the user can only migrate their own application servers
Any power action on application servers – the user can take any power-related action on application servers
Any power action on own application servers – the user can only take power-related actions on their own application servers
See all application servers – the user can view any application server. If this permission is enabled, the user can manage applications deployed on any application server.
See own application servers – the user can only view their own application servers. If this permission is enabled, the user can manage applications deployed on their application servers
Read VIP status - the user can read VIP status of application servers.
Rebuild Network on any application server – the user can rebuild network of any application server
Rebuild Network on own application servers – the user can only rebuild network of own application server
Set VIP status - the user can set/delete VIP status for application servers
Change Suspended status for application server – the user can change Suspended status for an application server
Unlock any application server – the user can unlock any application server
Update any application server – the user can edit any application server
Update own application servers – the user can only edit their own application servers

For details, refer to the Application Servers section.

Approvals

OnApp administrators can control users' ability to approve and decline transactions through the Control Panel's Roles menu. The following permissions for transaction approvals can be set:

Any Actions on Approvals - the user can take any action on approvals
See all Approvals - the user can see if any of the transactions is pending for approval
Update any Approval - the user can approve or decline transactions

For details, refer to the Transaction Approvals section.

Autoscaling Configuration

OnApp administrators can control users' ability to manage VS autoscaling configuration through the Control Panel's Roles menu. The following autoscaling permissions for user roles can be set:

Any Actions with Autoscaling Configuration - the user can take any action on autoscaling configuration
Create Autoscaling Configuration - the user can create autoscaling configuration
Destroy any Autoscaling Configuration - the user can delete autoscaling configuration
Destroy own Autoscaling Configuration - the user can only delete own autoscaling configuration
Read all Autoscaling Configuration - the user can read autoscaling configuration
Read own Autoscaling Configuration - the user can only read own autoscaling configuration
Update all Autoscaling Configuration - the user can edit autoscaling configuration
Update own Autoscaling Configuration - the user can only edit own autoscaling configuration

For details, refer to the Autoscale Virtual Server section.

Autoscaling Monitors

OnApp administrators can control users' access tomonitismonitors. You can set the followingmonitismonitors permissions for user roles:

Any Actions on relation autoscaling monitors - the user can perform any actions on relationmonitis monitors
View autoscaling monitor information - the user can viewmonitis monitor information

For details, refer to the View Load Balancer Autoscaling Monitors section.

Auto-Backup Presets

OnApp administrators can control users' ability to manage auto-backup presets configuration through the Control Panel's Roles menu. The following auto-backup presets permissions for user roles can be set:

Any action on auto-backup presets - the user can take any action on auto-backup presets that have been backed up automatically
See all auto-backup presets - the user can see all auto-backup presets that have been backed up automatically
Update any auto-backup presets - the user can edit any auto-backup presets that has been backed up automatically

For details, refer to the Auto-Backup Presets Settings section.

Availability

OnApp administrators can control users' ability to access and manage the High Availability system via Settings > HA Clusters. The following permission for user roles can be set:

Any action on Availability settings - a user can take any actions on High Availability general settings, hosts, clusters, communication rings, etc

For details, refer to the High Availability section.

B

Backups

OnApp administrators can control users' ability to manage backups through the Control Panel's Roles menu. You can set the following backup permissions for user roles:

Any action on backups - the user can take any action on any backup
Convert any backup to template - the user can take any backup of any virtual server, and convert it to a template
Convert own backup to template - the user can only convert their own backups to templates
Create backup for any VS - the user can create a backup of any virtual server
Create backup for own VS - the user can only create backups of their own virtual servers
Destroy any backup - the user can delete any backup. To delete any virtual server together with its backups, the user needs to have this permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
Destroy own backup - the user can only delete their own backups. To delete own virtual server together with its backups, the user needs to have this permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
See all backups - the user can see all backups
See own backups - the user can only see their own backups
Update any backup - the user can edit any backup
Update own backup - the user can only edit their own backups

For details, refer to the Virtual Server Backups section.

Backup Resources

OnApp administrators can control users ability to manage backup resources through the Control Panel's Roles menu. You can set the following backup resources permissions for user roles:

Any action on backup resources - the user can take any action on backup resources
Create backup resource - the user can create a backup resource
Delete any backup resource - the user can delete any backup resource
See any backup resource - the user can see any backup resource
Update any backup resource - the user can edit any backup resource

For details, refer to the Create and Manage Backup Resources section.

Backup Resource Zones

OnApp administrators can control users ability to manage backup resource zones through the Control Panel's Roles menu. You can set the following backup resource zones permissions for user roles:

Any action on backup resource zones - the user can take any action on backup resource zones
Create backup resource zone - the user can create a backup resource zone
Delete any backup resource zone - the user can delete any backup resource zone
See any backup resource zone - the user can see any backup resource zone
Update any backup resource zone - the user can edit any backup resource zone

For details, refer to the Create and Manage Backup Resource Zones section.

Backup Resource Auto Backup Presets

OnApp administrators can control users' ability to manage auto backup presets for backup resources through the Control Panel's Roles menu. You can set the following auto backup presets permissions for user roles:

Any action on auto backup presets - the user can take any action on auto backup presets
Create auto backup preset - the user can create an auto backup preset
Delete any auto backup preset - the user can delete any auto backup preset
See any auto backup preset - the user can see any auto backup preset
Update any auto backup preset - the user can edit any auto backup preset

For details, refer to the Create and Manage Auto Backup Presets section.

Backup Servers

OnApp administrators can control users' ability to manage backup servers through the Control Panel's Roles menu. You can set the following backup server permissions for user roles:

Any action on Backup servers - the user can take any action on any Backup server
Add a new Backup server - the user can add a Backup server
Delete any Backup server - the user can delete any Backup server
See all Backup servers - the user can see all Backup servers
Update any Backup server - the user can edit any Backup server

For details, refer to the Backup Servers Settings section.

On this page:

A

Accelerators
Activity Logs
Application Servers
Approvals
Autoscaling Configuration
Autoscaling Monitors
Auto-Backup Presets
Availability

B
Backups
Backup Resources
Backup Resource Zones
Backup Resource Auto Backup Presets
Backup Servers
Backup Server Zones
Blueprints
Blueprint Groups
Buckets

C
CloudBoot
Compute Resources
Compute Resource Devices
Compute Zones
Container Servers
Control Panel
CPU Quota
Currencies
Custom Fields

D
Dashboard
Data Stores
Data Store Joins
Data Store Zones
Disks
DRaaS

F
Federation
Federation Failed Action
Firewall Rules

G
Global Search
Groups

H
Hardware Info
Help
HTTP Caching Rules

I
Instance Packages
Internationalization
IO Limiting
IO Statistics
IP Addresses
IP Nets
IP Ranges
ISOs

L
Last Access Log
Load Balancers
Load Balancing Clusters
Location Groups
Log Items

M
Media
Messaging: Deliveries
Messaging: Events
Messaging: External Recipients
Messaging: Gateways
Messaging: Notifications
Messaging: Notification Templates
Messaging: Recipients Lists
Messaging: Subscriptions
Monthly User Billing Statistics
Monthly User Group Billing Statistics

N
Nameservers
Networks
Network Joins
Network Zones

O
OnApp Storage
OAuth Providers
OVAs

P
Payments
Permissions
Provider Resource Pools

R
Recipes
Recipe Groups
Recipe Group Relations
Recovery Points
Relation Group Templates
Resource Diff
Resource Limits
Restrictions Resources
Restrictions Sets
Roles

S
SAML Identity Providers
Schedule Logs
Schedules
SDN Managers
SDN Networks
Service Add-ons
Service Add-on Groups
Service Catalog
Service Insertion Groups
Service Insertion Pages
Sessions
Settings
Smart Servers
SSH Keys
Sysadmin Tools

T
Templates
Template Groups
Themes
Transactions
Tunnels

U
Users
User Additional Fields
User Groups
User Group Additional Fields

V

Virtual Routers
Virtual Servers
Virtual Machine Statistics
Virtual Server's IP Addresses

W
White IPs

Z
Zabbix Server

Backup Server Zones

OnApp administrators can control users' ability to manage backup server zones through the Control Panel's Roles menu. The following backup server zone permissions for user roles can be set:

Any action on backup server zones - the user can take any action on backup server zones
Create a new backup server zone - the user can create a new backup server zone
Delete any backup server zone - the user can delete any backup server zone
See list of all backup server zones - the user can see list of all backup server zones
See details of any backup server zone - the user can see details of any backup server zone
Update any backup server zone - the user can edit any backup server zone

For details, refer to the Backup Server Zones Settings section.

Blueprints

OnApp administrators can control users' ability to manage blueprints through the Control Panel's Roles menu. You can set the following blueprint permissions for user roles:

Any action on Blueprints - the user can take any action on any blueprint
Create a new blueprint - the user can create a new blueprint
Destroy any blueprint - the user can delete any blueprint
Destroy own blueprint - the user can delete own blueprint
Deploy any blueprint - the user can deploy any blueprint
Deploy own blueprint - the user can deploy own blueprint
See all blueprints - the user can view all blueprints
Read own blueprint - the user can read own blueprints
Update any blueprint - the user can edit any blueprint
Update own blueprint - the user can edit own blueprints

For details, refer to the Blueprints section.

Blueprint Groups

OnApp administrators can control users' ability to manage blueprint groups through the Control Panel's Roles menu. You can set the following blueprint groups permissions for user roles:

Any action on Blueprint Groups - the user can take any action on blueprint groups
Create a new Blueprint Group - the user can create a new blueprint group
Destroy any Blueprint Group - the user can delete a blueprint group
See all Blueprint Groups - the user can view all blueprint groups
Update any Blueprint Group - the user can edit any blueprint group

For details, refer to the Blueprint Groups section.

Buckets

OnApp administrators can control users' ability to manage buckets through the Control Panel's Roles menu. You can set the following bucket permissions for user roles:

Any action on buckets - the user can take any action on any bucket
Create a new bucket - the user can create a new bucket
Delete any bucket - the user can delete any bucket
See list of all buckets - the user can see list of all buckets
See details of any bucket - the user can see details of any bucket
See own bucket - the user can only see own bucket
Update any bucket - the user can edit any bucket

For details, refer to the Buckets section.

C

CloudBoot

Manage CloudBoot configurations - the user can manage Cloud Boot settings

Compute Resources

OnApp administrators can control users' ability to manage Compute resources. This is handled through the Control Panel's Roles menu. You can set the following Compute resource permissions for user roles:

Any action on Compute resources - the user can take any action on Compute resources
Create a new Compute resource - the user can create a new Compute resource
Destroy any Compute resource - the user can delete any Compute resource
Set maintenance mode for any compute resource - the user can set maintenance mode for any Compute resource
See all Compute resources - the user can see all Compute resources
Show Compute resources on Virtual Server creation - display Compute resources on Add New Virtual Server screen. Note: the See All Compute resources permission must be enabled for this permission to work properly.
Reboot any Compute resource - the user can reboot any Compute resource
Enable/Disable Storage-related services - the user can enable and disable the storage-related services for any compute resource
Manage auto import rules - the user can manage auto import rules for any compute resource
Update any Compute resource - the user can edit any Compute resource

For details, refer to the Compute Resource Settings section.

Compute Resource Devices

OnApp administrators can control users' ability to manage compute resource devices. This is handled through the Control Panel's Roles menu. You can set the following compute resource devices permissions for user roles:

Any action on Compute Resource Devices - the user can take any action oncompute resource devices
See all Compute Resource Devices - the user can see allcompute resource devices
Update any Compute Resource Device - the user can edit anycompute resource device

Compute Zones

OnApp administrators can control users' ability to manage Compute zones. This is handled through the Control Panel's Roles menu. You can set the following Compute zone permissions for user roles:

Any action on Compute zones - the user can take any action on Compute zones
Create a new Compute zone - the user can create a new Compute zone
Delete any Compute zone - the user can delete any Compute zone
See list of all Compute zones - the user can see list of all Compute zones
See details of any Compute zone - the user can see details of any Compute zone
Show Compute Zones on Virtual server creation - display Compute zones on Add New Virtual Server screen. Note: the See Details of any Compute Zone permission must be enabled for this permission to work properly.
Manage recipes for Compute zone - the user can manage recipes for any Compute zone
Update any Compute zone - the user can edit any Compute zone

For details, refer to the Compute Zones Settings section.

Container Servers

OnApp administrators can control users' ability to manage container servers. This is handled through the Control Panel's Roles menu. You can set the following company control server permissions for user roles:

Any action on container servers - the user can take any actions on container servers
Build/rebuild any container server - the user can build/rebuild any container server
Build/rebuild user's own container server - the user can build/rebuild his own container server
Change an owner of any container server - the user can change the owner of any container server
Console to any container server - the user can access any container server via console
Console to own container server - the user can only access their own container server via console
Allow user to set CPU topology - the user can set CPU topology options for container server
Create a new container server - the user can create a new container server
Destroy any container server - the user can destroy any container server
Destroy own container servers - the user can destroy own container servers
Edit any container server's cloud config - the user can edit any container server's cloud config
Edit own container server's cloud config - the user can only edit their own container server's cloud config
Migrate any container server - the user can migrate any container server
Migrate own container servers - the user can migrate own container servers
Any power action on container servers - the user can take any power-related action on container server
Any power action on own container servers - the user can take any power-related action on own container servers
See all container servers - the user can see all container servers
See own container servers - the user can see own container servers
Read container server's root password - the user can read container server's root password
Read own container server's root password - the user can read own container server's root password
Read VIP status - the user can read VIP status of container servers
Rebuild network of any container server - the user can rebuild network of any container server
Rebuild network of own container server - the user can only rebuild network of own container server
Manage recipes joins for all container servers - the user can manage recipes joins for all container servers
Manage recipes joins for own container servers - the user can manage recipes joins for own container servers
Reset root password to any container server - the user can reset the root password for any container server
Reset root password to own container server - the user can only reset the root password for their own container servers
Set VIP status - the user can set/delete VIP status for container servers
Change Suspended status for container server - the user can change Suspended status for any container server
Unlock any container server - the user can unlock any container server
Update any container server - the user can update any container server
Update own container servers - the user can update own container servers

For details, refer to the Container Servers section.

Control Panel

Manage recipes for Control Panel - the user can manage recipes for any Control Panel

This permission will not be granted by pressing Full access button while editing the list of Permissions in the Roles section and can only be selected manually.

CPU Quota

OnApp administrators can control users' ability to manage CPU quota. You can set the following CPU quota permissions for user roles:

Manage CPU Quota - the user can enable/disable/edit CPU quota. Editing includes setting the default value of CPU quota on the compute resource level and editing the custom value on the virtual server level.

For details, refer to the Set Default CPU Quota section.

Currencies

OnApp administrators can control users' ability to manage currency through the Control Panel's Roles menu. You can set the following currency permissions for user roles:

Any action on Currencies - the user can take any action on currencies
Create new Currency - the user can create a new currency
Delete any Currency - the user can delete any currency
See list of all Currencies - the user can view any currency
Update all Currencies - the user can update any currency

For details, refer to the Currencies section.

Custom Fields

OnApp administrators can control users ability to manage the Hardware Info custom fields. You can set the following custom fields permissions for user roles:

Any actions on Custom Fields - the user can take any action on custom fields

For details, refer to the Hardware Info section.

D

Dashboard

OnApp administrators can control users' access to the dashboard through the Control Panel's Roles menu. You can set the following dashboard permissions for user roles:

All actions on Dashboard - the user can see all available dashboard actions
See Alerts - the user can see alerts on the dashboard, including zombie VSs and transactions, and background processes
See Global Statistic - the user can see Global Dashboard statistics
See License Details - the user can see Dashboard Cloud Licenses' details
Show cloud dashboard - the user can see the cloud details on the dashboard

For details, refer to the Dashboard section.

Data Stores

OnApp administrators can control user access to datastore management. You can set the following data store permissions for user roles:

Any action on data_stores - the user can take any action on data stores
Create a new data_store - the user can create a new data store
Destroy any data_store - the user can delete any data store
See all data_stores - the user can see all data stores
Update any data_store - the user can edit any data store

For details, refer to the Data Stores Settings section.

Data Store Joins

OnApp administrators can control users' ability to manage data store joins through the Control Panel's Roles menu. You can set the following data store joins permissions for user roles:

All actions on datastores on Compute resource - the user can take any action on data stores attached to a Compute resource
Add Data Store to any Compute resource - the user can add a data store to any Compute resource
Remove Data Store from any Compute resource - the user can detach a data store from any Compute resource

For details, refer to Manage Compute Zone Data Stores section.

Data Store Zones

OnApp administrators can control user access to data store zones management. You can set the following data store zone permissions for user roles:

Any action on data store zones - the user can take any action on data store zones
Create a new data store zone - the user can create a new data store zone
Delete any data store zone - the user can delete any data store zone
See list of all data store zones - the user can see list of all data store zones
See details of any data store zone - the user can see details of any data store zone
Update any data store zone - the user can edit any data store zone

For details, refer to the Data Store Zones Settings section.

Disks

OnApp administrators can control user access to disks management. You can set the following disks permissions for user roles:

Any action on disks - the user can take any action on disks
Assign any disk to VS - the user can assign the disks of any users to another VS of that user
Assign own disk to VS - the user can assign own disks to another own VS
Auto-backup for any disk - the user can schedule an automatic backup on any disk
Auto-backup for own disk - the user can only schedule automatic backups on their own disks
Create a new disk - the user can create a new disk
Destroy any disk - the user can delete any disk
Destroy own disk - the user can only delete their own disks
Migrate any disk - the user can migrate any disk
Migrate own disks - the user can only migrate their own disks
See all disks - the user can see all disks
See own disks - the user can only see their own disks
Unlock any disk - the user can unlock any disk
Update any disk - the user can edit any disk
Update own disk - the user can only edit their own disks

For details, refer to the Virtual Server Disks section.

DRaaS

OnApp administrators can control users' ability to manage DRaaS through the Control Panel's Roles menu. You can set the following DRaaS permissions for user roles:

Any action related to DRaaS - the user can take any action related to DRaaS

E

F

Federation

OnApp administrators can control users' ability to access federated resources through the Control Panel's Roles menu. You can set the following federation permissions for user roles:

Any actions on federation resources - the user can perform any action on federated resources
Add Compute zone to federation - the user can add Compute zone to federation
View unsubscribed federation resources - the user can view unsubscribed federation resources
Remove Compute zone from federation - the user can remove Compute zone from federation
Activate or deactivate Compute zone for federation - the user can activate or deactivate Compute zone for federation
Subscribe to the Compute zone - the user can subscribe to the Compute zone
Unsubscribe from the Compute zone - the user can unsubscribe from the Compute zone

For details, refer to the Federation section.

Federation Failed Action

OnApp administrators can control users' ability to manage federated VSs failed actions through the Control Panel's Roles menu. You can set the following federated VSs failed actions permissions for user roles:

Any actions on federation failed actions - the user can perform any action on failed actions
Clean all federation failed actions - the user can clean all failed actions
Clean own federation failed actions - the user can clean only those failed actions that refer to theVSs they have built
Read all federation failed actions - the user can view all failed actions
Read own federation failed actions - the user can view only those failed actions that refer to theVSs they have built

Firewall Rules

OnApp administrators can control users' ability to manage firewall rules through the Control Panel's Roles menu. You can set the following firewall rules permissions for user roles:

Any Action on Firewall Rules - the user can take any actions with firewall rules
Create Firewall Rules for anyone - the user can create firewall rules for anyone
Create own Firewall Rules - the user can only create own firewall rules
Destroy any Firewall Rules - the user can delete any firewall rules
Destroy own Firewall Rules - the user can only delete own firewall rules
Read all Firewall Rules - the user can read all firewall rules
Read own Firewall Rules - the user can only read own firewall rules
Update all Firewall Rules - the user can edit all firewall rules
Update own Firewall Rules - the user can only edit own firewall rules

For details, refer to the Set Virtual Server Firewall Rules section.

G

Global Search

OnApp administrators can control user access to global search. You can set the following global search for user roles:

Global search - global search through the whole database

For details, refer to the Cloud Search Tool section.

Groups

This set of permissions is reserved for future use and currently is not used. Enabling or disabling those permissions will not affect the system in any way.

H

Hardware Info

OnApp administrators can control user access to hardware information that is available for all compute resources and backup servers in the Settings menu. The access to the Hardware Info page for a particular compute resource or backup server is controlled under the See all compute resources/See all backup servers and Update any compute resource/Update any backup server permissions.

You can set the following hardware info permissions for user roles:

See all Hardware Info - the user can see all hardware information in the Settings menu

For details, refer to the Hardware Info section.

Help

OnApp administrators can control user access to help section.

All actions on Help - the user can take any action under the Help menu
Send Support requests - the user can send support requests from the Help menu

For details, refer to Help chapter.

HTTP Caching Rules

OnApp Administrators can control user's ability to manage HTTP Caching rules. You can set the following permissions:

Any actions on http caching rules - the user can create/delete/set rules/edit rules.
Create http caching rules - the user can only create HTTP caching rules.
Delete http caching rules - the user can remove HTTP caching rules.
Update http caching rules - the user can edit http caching rules.

I

Instance Packages

Any action on instance packages - the user can take any action on instance packages
Create instance package - the user can create new instance packages
Delete any instance package - the user can delete any instance package
See all instance packages - the user can see all instance packages
Update any instance package - the user can update any instance package

For details, refer to the Instance Packages section.

Internationalization

Edit Internationalization Locales - the user can view and edit all non-English language phrases

For details, refer to the Localization and Customization section.

IO Limiting

OnApp administrators can control user access to IO limiting.

Any actions on IO limits - the user can take any action on IO limits
Update any IO limits - the user can update IO limits for any disks and data stores
Update own IO limits - the user can update IO limits for own disks

For details on IO limiting, refer to the Edit Data Store IO Limits section.

IO Statistics

OnApp administrators can control user access to IOPS statistics.

Full access to IO Statistics - the user has full access to IO Statistics
See all IO Statistics - the user can see all IO Statistics
See own IO Statistics - the user can see own IO Statistics

For details on IO Statistics, refer to the View Disk IOPS section.

IP Addresses

OnApp administrators can control users' ability to manage IP addresses. This is handled through the Control Panel's Roles menu. You can set the following IP address permissions for user roles:

Any action on IP addresses - the user can take any action on IP addresses
Assign IP address to user - the user can assign IP address to user
Create a new IP address - the user can create a new IP address
Destroy any IP address - the user can delete any IP address
See all IP addresses - the user can see all IP addresses
Unassign IP address from user -theusercanunassign IP address from user
Update any IP address settings - the user can edit any IP address settings

For details, refer to the Assign/Unassign IP Address to User section.

IP Nets

OnApp administrators can control users' ability to manage IP nets. This is handled through the Control Panel's Roles menu. You can set the following IP nets permissions for user roles:

All actions on IP Nets - the user can take any action on IP net
Add IP Nets to any network - the user can add an IP net to any network
Add IP net to own networks - the user can only add IP net to their own networks
Remove IP Nets from any network - the user can remove an IP net from any network
Remove IP nets from own networks - the user can only remove IP net from their own networks
View IP Nets assigned to any network - the user can see IP nets assigned to any network
View IP nets assigned to own networks - the user can only see IP nets assigned to their own networks
Update IP Nets - the user can edit IP nets
Update IP nets in own networks - the user can edit IP nets ony in their own network

For details, refer to Create and Manage IP Nets section.

IP Ranges

OnApp administrators can control users' ability to manage IP ranges. This is handled through the Control Panel's Roles menu. You can set the following IP ranges permissions for user roles:

All actions on IP Ranges - the user can take any action on IP ranges
Add IP Ranges to any IP Net - the user can add an IP range to any IP net
Add IP Ranges to own IP Nets - the user can only add IP range to their own IP nets
Remove IP Ranges from any IP Net - the user can remove an IP range from any IP net
Remove IP Ranges from own IP Nets - the user can only remove IP range from their own IP nets
View IP Ranges assigned to any IP Net - the user can see IP ranges assigned to any IP net
View IP Ranges assigned to own IP Nets - the user can only see IP ranges assigned to their own IP nets
Update IP Ranges - the user can edit all IP ranges
Update IP Ranges in own network - the user can edit IP ranges only in their own network

For details, refer to Create and Manage IP Ranges section.

ISOs

OnApp administrators can control users' ability to manage ISOs. This is handled through the Control Panel's Roles menu. You can set the following ISO permissions for user roles:

Any action on ISOs - the user can take any action on ISOs
Create a new ISO - the user can create a new ISO
Destroy any ISO - the user can delete any ISO (own, user, and public)
Destroy own ISO - the user can only delete own ISO
Destroy user ISO - the user can delete ISOs created by any user, but not public ISOs
Make any ISO public - the user can make public any ISO available to all users
Make own ISO public - the user can make public own ISOs only
Make user ISO public - the user can make public ISOs created by any user
Create and manage own ISOs - the user can create and edit/delete/view own ISOs
Manage all ISOs - the user can manage own/user/public ISOs
Create and manage user ISOs - the user can view/create/edit/delete ISOs created by any user
See all ISOs - the user can view all ISOs in the cloud
See own ISOs - the user can only view the ISOs created by themselves
See all public ISOs - the user can view all public ISOs
See user ISOs - the user can view the ISOs created by any user in the cloud
Update any ISO - the user can edit any ISO in the cloud
Update own ISO - the user can only edit own ISO
Update user ISO - the user can edit the ISOs created by any user in the cloud

For details, refer to the ISOs section.

J

K

L

Last Access Log

OnApp administrators can control users access to logs. You can set the following last access log permissions for user roles:

Any action on last access log - the user can perform any action on last access log of any user
See the last access log of any user - the user can see the last access log of other users
See own last access log - the user can only see their own last access log

Load Balancers

OnApp administrators can control users' ability to manage load balancers. This is handled through the Control Panel's Roles menu. You can set the following load balancer permissions for user roles:

Any action on load balancer - the user can take any action on load balancer
Migrate any load balancer - the user can migrate any load balancer
Migrate own load balancer - the user can only migrate their own load balancer

To migrate a load balancer, you need to have both the Migrate any/own load balancer and See details of any/own load balancing cluster permissions enabled.

For details, refer to the Load Balancers section.

Load Balancing Clusters

OnApp administrators can control users' ability to manage load balancing clusters. This is handled through the Control Panel's Roles menu. You can set the following load balancing cluster permissions for user roles:

Any action on load balancing cluster - the user can make any action on relation load balancing
Configure autoscale out parameter of load balancing cluster - the user can configure Autoscale Out when creating/updating a load balancing cluster
Create a new load balancing cluster - the user can create a new load balancing cluster
Delete any load balancing cluster - the user can delete any load balancing cluster
Delete own load balancing cluster - the user can only delete own load balancing clusters
See details of any load balancing cluster - the user can see details of any load balancing cluster
See details of own load balancing cluster - the user can only see details of own load balancing cluster
Change any load balancing cluster - the user can make changes on any load balancing cluster
Change own load balancing cluster - the user can only change own load balancing cluster

For details, refer to the Load Balancers section.

Location Groups

OnApp administrators can control users' ability to manage location groups. You can set the following location groups permissions for user roles:

Any action on location groups - the user can take any action on location groups
Create a new location group - the user can create a new location group
Delete any location group - the user can attempt to delete location group
See all location groups - the user can see details of any location group
Refresh location groups - the user can refresh location groups

For details, refer to the Location Groups section.

Log Items

OnApp administrators can control users' ability to manage log items. You can set the following log items permissions for user roles:

Any action on log items - the user can take any action on log items
Delete any log item - the user can delete any log item
Delete own log item - the user can only delete their own log items
See list of all log items - the user can see all log items
See list of own log items - the user can only see their own log items
See details of any log item - the user can see details of any log item
See details of own log item - the user can only see details of their own log items

For details, refer to the Logs section.

M

Media

OnApp administrators can control users' ability to manage Media files through the Control Panel's Roles menu. You can set the following media permissions for user roles:

Any action on Media - the user can take any action on media files
Delete any Media - the user can delete any media files
See any Media - the user can view any media files
Update any Media - the user can edit any media files

Messaging: Deliveries

OnApp administrators can control users' access to messaging deliveries. You can set the following messaging deliveries permissions for user roles:

Any action on deliveries - the user can perform any action on deliveries
See all deliveries - the user can see all deliveries

For details, refer to the Notifications Setup section.

Messaging: Events

OnApp administrators can control users' access to messaging events. You can set the following messaging events permissions for user roles:

Any action on events - the user can perform any action on messaging events
Add a new event - the user can add new messaging events
See all events - the user can see all messaging events

For details, refer to the Notifications Setup section.

Messaging: External Recipients

OnApp administrators can control users' access to external recipients. You can set the following external recipients permissions for user roles:

Any action on external recipients - the user can perform any action on external recipients
Add a new external recipient - the user add new external recipients
Delete external recipient - the user can delete any external recipients
See all external recipients - the user can see all external recipients
Update external recipients - the user can edit any external recipients

For details, refer to the Notifications Setup section.

Messaging: Gateways

OnApp administrators can control users' access to messaging gateways. You can set the following messaging gateways permissions for user roles:

Any action on gateways - the user can perform any action on gateways
Add a new gateway - the user can add new messaging gateways
Delete gateway - the user can delete any messaging gateways
See all gateways - the user can see all messaging gateways
Update gateway - the user can edit any messaging gateways

For details, refer to the Notifications Setup section.

Messaging: Notifications

OnApp administrators can control users' access to messaging notifications. You can set the following messaging notifications permissions for user roles:

Any action on notifications - the user can perform any action on notifications
See own notifications - the user can see only own notifications

For details, refer to the Notifications Setup section.

Messaging: Notification Templates

OnApp administrators can control users' access to messaging notification templates. You can set the following messaging notification templates permissions for user roles:

Any action on notification templates - the user can perform any action on notification templates
Add a new notification template - the user can add new notification templates
Delete notification template - the user can delete any notification templates
See all notification templates - the user can view all notification templates
Update notification template - the user can edit any notification templates

For details, refer to the Notifications Setup section.

Messaging: Recipients Lists

OnApp administrators can control users' access to recipients lists. You can set the following recipients lists permissions for user roles:

Any action on recipients lists - the user can perform any action on recipients lists
Add a new recipients list - the user can add new recipients lists
Delete recipients lists - the user can delete any recipients lists
See all recipients lists - the user can see all recipients lists
Update recipients lists - the user can update any recipients lists

For details, refer to the Notifications Setup section.

Messaging: Subscriptions

OnApp administrators can control users' access to messaging subscriptions. You can set the following subscriptions permissions for user roles:

Any action on recipients subscriptions - the user can perform any action on messaging subscriptions
Add a new subscription - the user can add new messaging subscriptions
Delete subscription - the user can delete any subscriptions
See all subscriptions - the user can view all subscriptions

For details, refer to Notifications Setup section.

Monthly User Billing Statistics

OnApp administrators can control users' access to monthly user billing statistics. You can set the following user monthly bills permissions for user roles:

Full access to user Monthly Bills Statistics - the user has full access to user monthly bills statistics
See all Monthly user Bills Statistics - the user can see all user monthly bills statistics
See only own user Monthly Bills Statistics - the user can only see own user monthly bills statistics

Monthly User Group Billing Statistics

OnApp administrators can control users' access to monthly user group billing statistics. You can set the following user group monthly bills permissions for user roles:

Full access to user group Monthly Bills Statistics - the user has full access to user group monthly bills statistics
See all Monthly user group Bills Statistics - the user can see all user group monthly bills statistics
See only own user group Monthly Bills Statistics - the user can only see own user group monthly bills statistics

N

Nameservers

OnApp administrators can control users' ability to manage name servers. This is handled through the Control Panel's Roles menu. You can set the following nameservers permissions for user roles:

Any action on nameservers - the user can take any action on nameservers
Create a new nameserver - the user can create a new nameserver
Destroy any nameserver - the user can delete any nameserver
See all nameservers - the user can see all nameservers
Update any nameserver settings - the user can edit any nameserver

Networks

OnApp administrators control how users can manage networks. This is handled through the Control Panel's Roles menu. You can set the following network permissions for user roles:

Any action on networks - the user can take any action on networks
Add new network - the user can create a new network. This permission also controls the user's ability to create IP nets and IP ranges.
Delete network - the user can delete a network
See all networks - the user can see all networks
See all own networks - the user can see all own networks
Update networks - the user can edit any network

Network Joins

OnApp administrators can control users' ability to manage network joins through the Control Panel's Roles menu. You can set the following network joins permissions for user roles:

All actions on network joins - the user can attach or detach all/own networks to a compute resource or a compute zone
Attach network to any compute resource or a compute zone - the user can attach all/own networks to any compute resource or a compute zone
Detach network from any compute resource or a compute zone - the user can detach all/own networks from any compute resource or a compute zone

For details, refer to Manage Compute Zone Networks section.

Network Zones

OnApp administrators control a user's ability to manage network zones. This is handled through the Control Panel's Roles menu. You can set the following network zone management permissions for user roles:

Any action on network zones - the user can take any action on network zones
Create a new network zone - the user can create a new network zone
Delete any network zone - the user can delete any network zone
See list of all network zones - the user can see list of all network zones
See details of any network zone - the user can see details of any network zone
Update any network zone - the user can update any network zone

For details, refer to the Network Zones Settings section.

O

OnApp Storage

Manage OnApp storage - the user can access the OnApp storage settings
Override Integrated Storage cache settings - the user can override Integrated Storage cache settings

OAuth Providers

OnApp administrators can control users' ability to manage OAuth providers through the Control Panel's Roles menu. You can set the following OAuth providers permissions for user roles:

Any action on OAuth providers - the user can take any action on OAuth providers
See all OAuth providers - the user can see all configured OAuth providers
Update any OAuth provider - the user can edit any OAuth provider

For details, refer to the User Profile section.

Onboarding Billing Wizard

The onboarding wizard allows an admin to without deep product knowladge to configure initial users and buckets. OnApp administrators can control users' ability to use the wizard. You can set the following permissions for user roles:

Manage Onboarding Billing Wizard - the user can use the Billing Wizard

Onboarding Infrastructure Wizard

The infrastructure wizard allows a user without deep product knowledge to configure initial compute, storage, and networking resources on the cloud by just filling the forms and providing access credentials for connection to their servers. OnApp administrators can control users' ability to use the wizard. You can set the following permissions for user roles:

Manage Onboarding Infrastructure Wizard - the user can use the Infrastructure Wizard

OVAs

OnApp administrators can control users' ability to manage OVAs. This is handled through the Control Panel's Roles menu. You can set the following OVA permissions for user roles:

Any action on OVAs - the user can take any action on OVAs
Create a new OVA - the user can create a new OVA
Destroy any OVA - the user can delete any OVA (own, user, and public)
Destroy own OVA - the user can only delete own OVA
Destroy user OVA - the user can delete OVAs created by any user, but not public OVAs
Make any OVA public - the user can make public any OVA available to all users
Make own OVA public - the user can make public own OVAs only
Create and manage OVAs - the user can create and edit/delete/view OVAs
Manage public OVAs - the user can manage public OVAs
Create and manage user OVAs - the user can view/create/edit/delete OVAs created by any user
See all OVAs - the user can view all OVAs in the cloud
See own OVAs - the user can only view the OVAs created by themselves
Read all public OVAs - the user can view all public OVAs
See user OVAs - the user can view the OVAs created by any user in the cloud
Unlock any OVA - the user can unlock any OVA that is currently being converted
Update any OVA - the user can edit any OVA in the cloud
Update own OVA - the user can only edit own OVA
Update user OVA - the user can edit the OVAs created by any user in the cloud
Manage System Service Add-ons - the user can manage all the system service add-ons in the cloud
Manage own System Service Add-ons - the user can manage system service add-ons assigned to the user's own OVAs

For details, refer to the OVAs section.

P

Payments

OnApp administrators control how users can manage payments. This is handled through the Control Panel's Roles menu. You can set the following payments permissions for user roles:

Any action on payments - the user can take any action on payments
Create a new payment - the user can create a new payment
Destroy any payment - the user can delete any payment
See all payments - the user can see all payments
See own user payments - the user can only see their own user payments

Please note that if a user has See own company/group payments permission enabled but does not have a VMware integration, they will see all the payments in the cloud.

See own company/group payments - the user can see all the payments of their user group
Update any payment - the user can edit any payment

For details, refer to the User Payments section.

Permissions

OnApp administrators control a user's ability to manage permissions. This is handled through the Control Panel's Roles menu.

Any action on permissions - the user can take any action on permissions
Create a new permission - the user can grant a new permission
Destroy any permission - the user can revoke any permission
See all permissions - the user can see all permissions
Update any permission - the user can edit any permission

Provider Resource Pools

OnApp administrators control how users can manage provider resource pools. This is handled through the Control Panel's Roles menu. You can set the following provider resource pool permissions for user roles:

Any action on Provider Resource Pools - the user can take any action on provider resource pools
Read any Provider Resource Pool - the user can see the list of all provider resource pools

Q

R

Recipes

OnApp administrators control a user's ability to manage recipes. This is handled through the Control Panel's Roles menu.

Any actions on Recipes - the user can take any action on recipes
Create new Recipes - the user can create new recipes
Delete any Recipe - the user can delete any recipe
Delete own Recipes - the user can delete own recipes
Edit any Recipe - the user can edit any recipe
Edit own Recipes - the user can edit own recipes
Read any Recipe - the user can read any recipe
Read own Recipes - the user can read own recipes

For details, refer to the Recipes section.

Recipe Groups

Any action on recipe groups - the user can take any action on recipe groups
Create a new recipe group – the user can create a new recipe group
Destroy any recipe group - the user can delete any recipe group
See list of all recipe groups – the user can view the list of recipe groups
See all recipe groups – the user can view any recipe group details
Update any recipe group – the user can edit all recipe groups

For details, refer to the Recipe Groups section.

Recipe Group Relations

Any action on recipe group relations - the user can take any action on recipe relation group
Create a new recipe group relation - the user can create a new recipe relation group
Destroy any recipe group relation - the user can delete any recipe relation group
See list of all recipe group relations - the user can view the list recipe relation groups
See all recipe group relations – the user can see recipe relation group details
Update any recipe group relation – the user can edit any recipe relation group

For details, refer to the Recipe Groups section.

Recovery Points

OnApp administrators control how users can manage recovery points for virtual servers with the assigned backup resources. This is handled through the Control Panel's Roles menu. You can set the following permissions for user roles:

Any action on recovery points - the user can take any action on recovery point
Create any recovery point - the user can create a recovery point for any VS
Create own recovery point - the user can create a recovery point for his or her own VS
See any recovery point - the user can see a recovery point for any VS
See own recovery point - the user can see a recovery point for his or her own VS
See any recovery point size - the user can see a recovery point size for any VS
See own recovery point size - the user can see a recovery point size for his or her own VS
Restore any recovery point - the user can restore any VS from a recovery point
Restore own recovery point - the user can restore his or her own VS from a recovery point

For details, refer to the Recovery Points section.

Relation Group Templates

OnApp administrators control how users can manage relation group templates. This is handled through the Control Panel's Roles menu. You can set the following relation group templates permissions for user roles:

Any action on relation group templates - the user can take any action on relation group templates
Create a new relation group template - the user can create a new relation group template
Create own relation group template - the user can create his own template group
Destroy any relation group template - the user can delete any relation group template
Destroy own relation group templates - the user can delete own relation group templates
See all relation group templates - the user can see all relation group templates
See own relation group templates - the user can see his own relation group templates
Update price for relation group template - the user can update price for relation group template

For details, refer to the Template Store and My Template Groups sections.

Resource Diff

OnApp administrators control how users can manage resource differences. This is handled through the Control Panel's Roles menu. Resource differences are changes which a resource has undergone (e.g disk resize), the resource difference contains both the old and the new value of the resource. You can set the following resource differences permissions for user roles:

Any actions on resource diff - the user can take any action on resource differences
See any Resource Diff - the user can see all resource differences in the cloud
See own Resource Diff - the user can see changes to resources of only their objects

Resource Limits

OnApp administrators control how users can manage resource limits. This is handled through the Control Panel's Roles menu. You can set the following resource limits permissions for user roles:

Any action on resource limit - the user can take any action on resource limits
Create a new resource limit - the user can create a new resource limit
Destroy any resource limit - the user can delete any resource limit
See all resource limits - the user can see all resource limits
See own resource limits - the user can only see their own resource limits
Update any resource limit - the user can edit resource limits for any user account

For details, refer to Configure Resource Allocation And Prices section.

Restrictions Resources

OnApp administrators can control users' ability to manage restrictions resources through the Control Panel's Roles menu. You can set the following restrictions resources permissions for user roles:

Any actions on restrictions resources - the user can take any actions on restrictions resources while configuring restriction sets (Roles > Restrictions Sets tab > Resources)
See all restrictions resources - the user can see all restrictions resources while configuring restriction sets (Roles > Restrictions Sets tab > Resources)

Restrictions Sets

OnApp administrators can control users' ability to manage restrictions sets through the Control Panel's Roles menu. You can set the following restrictions sets permissions for user roles:

Any action on restrictions sets - the user can take any action on restrictions sets
Create a new restrictions set - the user can create a new restrictions set
Delete restrictions set - the user can delete any restrictions set
See all restrictions sets - the user can see all restrictions sets
See own restrictions sets - the user can see restrictions sets assigned to his role(s)
Update restrictions set - the user can update any restrictions set

For details, refer to the Restrictions Sets section.

Roles

OnApp administrators control a user's ability to manage roles. This is handled through the Control Panel's Roles menu.

Any action on Roles - the user can take any action on roles
Create a new Role - the user can create a new role
Destroy any Role - the user can delete any role
See all Roles - the user can see all roles
See user's own roles - the user can see only roles assigned to them
Update any Role - the user can edit any role

For details, refer to the Roles section.

S

SAML Identity Providers

Any action on SAML identity providers - the user can perform any action on SAML Identity Providers
Create a SAML identity provider - the user can add new Identity Provider
Destroy any SAML identity provider - the user can delete any Identity Provider
See all SAML identity providers - the user can see the list of all Identity Providers
Update any SAML identity provider - the user can edit any SAML Identity Provider

Schedule Logs

OnApp administrators control a user's ability to manage schedule logs. This is handled through the Control Panel's Roles menu.

Any action on schedule logs - the user can take any action on schedule logs
Create a new schedule log - the user can create a new schedule log
Destroy any schedule log - the user can destroy any schedule log
See all schedule logs - the user can see all schedule logs
See own schedule logs - the user can only see their own schedule logs
Update any schedule log - the user can edit any schedule log

For details, refer to the Schedules Settings section.

Schedules

OnApp administrators control users' ability to manage schedules. This is handled through the Control Panel's Roles menu. You can set the following schedule management permissions for user roles:

Any action on schedules - the user can take any action on schedules
Create a new schedule - the user can create a new schedule
Destroy any schedule - the user can delete any schedule
Destroy own schedule - the user can only delete their own schedules
See all schedules - the user can see all schedules
See own schedules - the user can only see their own schedules
Update any schedule - the user can edit any schedule
Update own schedule - the user can only edit their own schedules

For details, refer to the Schedules Settings section.

SDN Managers

OnApp administrators control how users can manage SDN managers. This is handled through the Control Panel's Roles menu.

Any action on SDN Managers - the user can take any action on SDN manager

For details, refer to the SDN Managers section.

SDN Networks

OnApp administrators control how users can manage SDN networks. This is handled through the Control Panel's Roles menu.

Any action on SDN Networks - the user can take any action on SDN networks

For details, refer to the SDN Networks section.

Service Add-ons

OnApp administrators control users' ability to manage service add-ons. This is handled through the Control Panel's Roles menu. You can set the following service add-on management permissions for user roles:

Any actions on Service Add-ons - the user can perform any operations on Service Add-ons - view, create, edit and delete service add-ons
Create new Service Add-ons - the user can create new Service Add-ons (Control Panel's Service Add-ons menu > the "+" button)
Delete Service Add-ons and Delete own Service Add-ons - the user can delete Service Add-ons (Control Panel's Service Add-ons menu > the "Actions" icon > Delete)
Edit any Service Add-on and Edit own Service Add-ons - the user can update Service Add-ons (Control Panel's Service Add-ons menu > the "Actions" icon > Edit)
Read all Service Add-ons and Read own Service Add-ons - the user can view Service Add-ons (Control Panel's Service Add-ons menu)

For details, refer to the Service Add-ons section.

Service Add-on Groups

OnApp administrators control users' ability to manage service add-on groups. This is handled through the Control Panel's Roles menu. You can set the following service add-on group management permissions for user roles:

Any action on Service Add-on Groups - the user can take any action on Service Add-on Groups - view, create, edit and delete service add-on groups
Create a new Service Add-on group - the user can create a new Service Add-on group and add child service add-on groups (Control Panel's Service Add-ons menu > Store > the "+" button and Add Child button)
Destroy any Service Add-on group and Destroy own Service Add-on group - the user can delete Service Add-on groups (Control Panel's Service Add-ons menu > Store > the "Delete" button next to the service add-on group you want to delete)
See all Service Add-on groups - the user can see all Service Add-on groups (Control Panel's Service Add-ons menu > Store)
Manage any Service Add-on group - the user can manage a Service Add-on group (the user can edit a service add-on group, assign a particular service add-on to a service add-on group, remove service add-on from the service add-on group, edit service add-on price).

For details, refer to the Manage Service Add-on Store section.

Service Catalog

OnApp administrators control users' ability to access the service catalog. This is handled through the Control Panel's Roles menu. You can set the following service catalog permission for user roles:

Any action related to service catalog - user can take any action related to the service catalog

Service Insertion Groups

OnApp administrators control users' ability to access the service insertion groups. This is handled through the Control Panel's Roles menu. You can set the following service insertion groups permissions for user roles:

Any action on Service Insertion Groups - the user can take any action on service insertion groups
Create new Service Insertion Group - the user can create a new service insertion group
Destroy any Service Insertion Group - the user can delete any service insertion group
See all Service Insertion Groups - the user can view all service insertion groups
Update any Service Insertion Group - the user can update any service insertion group

For details, refer to the Service Insertion Framework Configuration section.

Service Insertion Pages

OnApp administrators control users' ability to access the service insertion pages. This is handled through the Control Panel's Roles menu. You can set the following service insertion pages permissions for user roles:

Any action on Service Insertion Pages - the user can take any action on service insertion pages
Create new Service Insertion Page - the user can create a new service insertion page
Destroy any Service Insertion Page - the user can delete any service insertion page
See all Service Insertion Pages - the user can view all service insertion pages
See own Service Insertion Pages - the user can view only own service insertion pages
Update any Service Insertion Page - the user can update any service insertion page

For details, refer to the Service Insertion Framework Configuration section.

Sessions

OnApp administrators control a user's ability to drop sessions. You can set the following drop session permissions for user roles:

Any actions on sessions - the user can take any action on sessions
Drop all the existing sessions - the user can drop all the existing sessions including their own
Drop all the user sessions but the current - the user can delete all the sessions created under their account but their current

For details, refer to the View User Account Details section.

Settings

OnApp administrators control a user's ability to manage settings. This is handled through the Control Panel's Roles menu.

Any action on settings - the user can take any action on settings
Manage SSL certificate - the user can upload and update SSL certificate located under config/ssl_certificates folder
See read settings - the user can see all settings
Restart Dashboard Client - the user can restart the dashboard client
Update Settings - the user can edit everything in the Settings menu
View OnApp version - the user can navigate to version to see which version of OnApp is installed

For details, refer to the OnApp Configuration section.

Smart Servers

OnApp administrators control how users can manage Smart Servers. This is handled through the Control Panel's Roles menu. You can set the following Smart Servers permissions for user roles:

Add recipe to any Smart Server - the user can add recipes to any smart server
Add recipe to own Smart Server - the user can add recipes to own smart servers only
Remove recipe from any Smart Server - the user can remove a recipe from any smart server
Remove recipe from own Smart Server - the user can remove recipe from own smart server

For details, refer to the Smart Servers section.

SSH Keys

OnApp administrators control how users can manage SSH keys. This is handled through the Control Panel's Roles menu. You can set the following SSH keys permissions for user roles:

Add ssh keys for all the virtual servers - the user can add ssh keys for all the virtual servers. Enabling this permission means that the keys are configured in Settings > SSH keys and are added to all VSs in the cloud every time a user creates a new VS or runs Set SSH keys for his VS. Therefore, we recommend enabling this permission only for those users that might really need it, namely, administrators.
Add ssh keys for own virtual servers - the user can only add ssh keys for own virtual servers. Enabling this permission means that the keys won't be added to Settings > SSH keys and will be added to the VSs that belong to this particular user only.

For details, refer to the Create and Manage User Accounts section.

Sysadmin Tools

OnApp administrators control how users can manage sysadmin tools. This is handled through the Control Panel's Roles menu. You can set the following sysadmin tools permissions for user roles:

Any action Sysadmin Tools - the user can see all actions on the Sysadmin Tools menu

For details, refer to the Sysadmin section.

T

Templates

OnApp administrators control how users can manage templates. You can set the following template sets permissions for user roles:

Any action on templates - the user can take any action on all templates
See the list of available for installation templates - the user can see all templates available for the installation from the template server (Templates > System templates > Available tab)
Install template upgrades - the user can install upgrades to the system templates
See the list of template upgrades - the user can see the upgrades for the installed system templates
Create a new template - the user can create a new template
Destroy any template - the user can delete any template
Destroy own template - the user can only delete their own templates
Destroy user template - the user can delete any user templates
See the list of inactive templates - the user can see the list of inactive templates
See list of active installations - the user can see the list of active template installations
Make any template public - the user can make any template public
Make own template public - the user can only make their own templates public
Make user template public - the user can make any user templates public
Manage own templates - the user can create and view/edit/delete their own templates
Manage public templates - the user can create/edit/delete/view system/public template
Manage user templates - the user can create and manage user templates
See all templates - the user can see all templates
See own templates - the user can only see their own templates
See all public templates - the user can see all system templates including public
See user templates - the user can see any user templates
Manage recipe for any template - the user can manage recipes for any template
Manage recipe for own templates - the user can manage recipes for own templates only
Restart failed installation - the user can restart failed template installation
Update any template - the user can edit any template (Templates > System templates > Edit template)
Update own template - the user can only edit their own templates (Templates > My templates > Edit template)
Update user template - the user can update user templates (Templates > User templates > Edit template
Manage System Service Add-ons - the user can manage all the system service add-ons in the cloud
Manage own System Service Add-ons - the user can manage system service add-ons assigned to the user's own templates

For details, refer to the Templates section.

Template Groups

OnApp administrators can control users' ability to manage image template groups. This is handled through the Control Panel's Roles menu. You can set the following image template groups permissions for user roles:

Any action on template group - the user can take any action on template groups
Create a new template group - the user can create a new template group
Create own template group - the user can create his own template group
Delete any template group - the user can delete a template group
Delete own template group - the user can delete his own template group
See details of any template group (image_template_groups.read) - the user can view template group details
See details of own template groups - the user can view his own template groups
Update any template group (image_template_groups.update) - the user can edit any template group
Update own template groups - the user can edit his own template groups

For details, refer to the Template Store and My Template Groups sections.

Themes

OnApp administrators control a user's ability to manage themes. You can set the following themes permissions for user roles:

Any action on Themes - the user can make any action on themes
Create Theme - the user can create new themes
Destroy Theme - the user can delete themes
Read Theme - the user can read themes
Update Theme - the user can make changes in themes

For details, refer to the Look & Feel section.

Transactions

OnApp administrators control a user's ability to manage transactions. You can set the following transactions permissions for user roles:

Any action on transactions - the user can take any action on transactions
Cancel zombie transactions - the user can cancel transactions which run too long and are most likely failed
Cancel own zombie transactions - the user can cancel transactions which run too long and are most likely failed and belong to this user
Delete all transactions from log - the user can delete all transactions from a log
Delete own transactions from logs - the user can only delete their own transactions from a log
See list of all transactions - the user can see all transactions
See list of own transactions - the user can only see their own transactions
See details of all transactions - the user can see details of any transaction
See details of own transaction - the user can only see details of their own transactions
See log output of all transactions - the user can see the Output section at the Logs Item Details page

For details, refer to the Virtual Server Transactions and Logs and Smart Server Transactions and Logs sections.

Tunnels

OnApp administrators control how users can manage VPN tunnels. This is handled through the Control Panel's Roles menu. You can set the following tunnels permissions for user roles:

Any action on tunnels - the user can take any action on tunnels
Create tunnels for anyone - the user can create tunnels for anyone
Create own tunnels - the user can only create own tunnels
Destroy any tunnels - the user can delete any tunnels
Destroy own tunnels - the user can only delete own tunnels
Read all tunnels - the user can see all tunnels
Read own tunnels - the user can only see own tunnels
Update all tunnels - the user can edit all tunnels
Update own tunnels - the user can only edit own tunnels

U

Users

OnApp administrators can control users' ability to manage configuration. This is handled through the Control Panel's Roles menu. You can set the following users permissions for user roles:

Any action on users - the user can take any action on user accounts
Upload avatar - the user can upload an avatar
Change user password - the user can change user's password
Change own password - the user can only change own password
Create any user - the user can create a new user account
Destroy any user - the user can delete any user account
Destroy own user - the user can only delete their own user account
Allow user to send password reminder - the user can send password reminder for other users at user profile page
User can login as any user - the user can log in as any user
See all users - the user can see all user accounts
See all users prices - the user can see all users prices. By disabling this permission together with the See user outstanding amount and See user summary payments permissions, you can hide the payment screen on the dashboard.
See user backups/templates prices – the user can see users’ backups/templates prices
See user bucket – the user can see users’ buckets
See user hourly prices – the user can see users’ hourly prices
See user monthly prices – the user can see users’ monthly prices
See user outstanding amount – the user can see users’ outstanding amount. By disabling this permission together with the See all users prices and See user summary payments permissions, you can hide the payment screen on the dashboard.
See user summary payments – the user can see user’s summary payments. By disabling this permission together with the See user outstanding amount and See all users prices permissions, you can hide the payment screen on the dashboard.
See user total cost – the user can see users’ total cost
See user virtual server prices – the user can see users’ virtual server prices
See own users – the user can only see their own user account
Suspend and unsuspend users – the user can suspend/unsuspend any users
Unlock any user - the user can unlock any user
Update any user – the user can edit any user account
Update own user – the user can only edit their own user account
Generate API key for any user via API call - the user can generate API key for any user via API, except thyself
Manage all API keys – the user can manage API keys for all users
Manage own API key – the user can only manage their own API keys
Update Yubikey - the user can modify all user Yubikeys. If a user does not have this or the Update own Yubikey permission enabled, they will not be able to manage YubiKeys in the user profile.
Update own Yubikey - the user can modify only their own Yubikey. If a user does not have this or the Update Yubikey permission enabled, they will not be able to manage YubiKeys in the user profile.
Disable TOTP authentication - the user can disable TOTP-based authentication for two factor authentication (2FA)

For details, refer to the Users section.

User Additional Fields

OnApp administrators control a user's ability to create user additional fields. You should edit user profile to add necessary info to this additional field. It is regulated by Update any user permission. You can set the following user additional fields permissions for user roles:

Any action on user additional fields - the user can perform any action on user additional fields
Create user additional fields - the user can create user additional fields
Destroy any user additional fields - the user can delete any user additional fields
Read all user additional fields - the user can read all user additional fields
Update all user additional fields - the user can edit all user additional fields

For details, refer to the Create and Manage User Accounts section.

User Groups

OnApp administrators control a user's ability to manage user groups. You can set the following user groups permissions for user roles:

Any action on user groups - the user can take any action on user groups
Create a new user group - the user can create a new user group
Destroy user group - the user can delete any user group
See list of all user groups - the user can see the list of all user groups
See details of any user group - the user can see details of any user group
Update any user group - the user can edit any user group

For details, refer to the Groups section.

User Group Additional Fields

OnApp administrators control a user's ability to manage user group additional fields. You can set the following user groups permissions for user roles:

Any action on user group additional fields - the user can create, edit, view and delete user group additional fields
Create user group additional fields - the user can add new custom additional fields
Destroy any user group additional fields - the user can delete any user group additional fields
Read all user group additional fields - the user can view all user group additional fields in the user profile
Update all user group additional fields - the user can edit all user group additional fields

For details, refer to the Manage Groups section.

V

Virtual Routers

OnApp administrators can control users' ability to manage virtual servers. This is handled through the Control Panel's Roles menu. You can set the following virtual servers permissions for user roles:

Any action on virtual servers - the user can take any action on virtual servers
Accelerate any Virtual Server - the user can accelerate any virtual server
Accelerate own Virtual Servers - the user can accelerate only own virtual servers
Edit advanced XML configuration for any VS - the user can edit an advanced XML configuration for any virtual server
Edit advanced XML configuration for own VS - the user can edit an advanced XML configuration for their own virtual servers
Schedule autobackups on any virtual server - the user can schedule autobackups on any virtual server
Schedule autobackups on own virtual servers - the user can schedule autobackups on their own virtual servers
Allow all virtual servers to boot from ISO - the user can boot from ISO any virtual server in the cloud
Allow own virtual servers to boot from ISO - the user can boot from ISO their own virtual servers only
Build/rebuild any virtual server - the user can build or rebuild any virtual server
Build/rebuild user's own virtual server - the user can build or rebuild their own virtual servers only
Change an owner of any virtual server - the user can change the owner of any virtual server
Clone any virtual server - the user can clone any virtual server
Clone own virtual servers - the user can clone only their own virtual servers
Console to any virtual server - the user can access any virtual server via console
Console to own virtual server - the user can only access their own virtual server via console
Allow user to set CPU topology - the user can set CPU topology options for virtual server
Create a new virtual server - the user can create a new virtual server
Destroy any virtual server - the user can delete any virtual server. To delete any virtual server together with its backups, the user needs to have the Destroy any backup permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
Destroy own virtual server - the user can only delete their own virtual servers. To delete a virtual server together with its backups, the user needs to have the Destroy own backup permission enabled. Otherwise, the backups of the VS deleted by the user will remain in the system.
Edit any network appliance config - the user can edit any network appliance configuration
Edit own network appliance config - the user can edit only their own network appliance configuration
Edit any network appliance license - the user can edit any network appliance license
Edit own network appliance license - the user can edit only their own network appliance license
Infrastructure Mode - the user can use virtual server in Infrastructure Mode
Manage publications for all virtual servers - the user can manage publications for all virtual servers
Manage publications for own virtual servers - the user can manage their own publications only
Manage Virsh Console - the user can enable or disable the usage of Virsh console for all virtual servers
Migrate any virtual server - the user can migrate any virtual server
Migrate own virtual server - the user can only migrate their own virtual servers
Move any virtual server to another federated location - the user can move any virtual server to another federated location
Move own virtual server to another federated location - the user can move theit own virtual servers to another federated location
Any power action on virtual servers - the user can take any power-related action on virtual servers
Any power action on own virtual servers - the user can only take power-related actions on their own virtual servers
Allow to purge content of all virtual servers - the user can purge content of any virtual server
Allow to purge content of own virtual servers - the user can purge content of own virtual servers only
Read any virtual server - the user can read any virtual server
Read own virtual servers - the user can only read their own virtual servers
Read Virtual Server's root password - the user can view any virtual servers root password
Read own Virtual Server's root password - the user can view their own virtual servers root password
Read VIP status - the user can read VIP status of virtual servers
Rebuild network of any virtual server - the user can rebuild network of any virtual server
Rebuild network of own virtual server - the user can only rebuild network of own virtual server
Manage recipes joins for all virtual servers - the user can manage recipes joins for all virtual servers
Manage recipes joins for own virtual servers - the user can manage recipes joins for own virtual servers
Report a federation problem on any virtual server - the user can report a federation problem on any virtual server
Report a federation problem on user's own virtual server - the user can report a federation problem on user's own virtual server
Reset root password to any virtual server - the user can reset the root password for any virtual server
Reset root password to own virtual server - the user can only reset the root password of their own virtual servers
Select instance package on virtual server creation - the user can select instance packages on virtual server creation
Select resources manually on virtual server creation - the user can select resources manually on virtual server creation
Manage Service Add-ons for all virtual servers - the user can manage Service Add-ons for all virtual servers (Control Panel's Virtual Servers menu > VS label > Overview > Service Add-ons)
Manage Service Add-ons own virtual servers - the user can manage their own Service Add-ons only (Control Panel's Virtual Servers menu > VS label > Overview > Service Add-ons)
Set Max Memory - the user can set a max memory override for KVM-based virtual servers
Set SSH keys - the user can set their own ssh keys after the virtual server is created
Set VIP status - the user can set/delete VIP status for virtual servers
Change suspended status for virtual server - the user can change Suspended status for a virtual server
Allow insert/eject media for all virtual server - the user can insert/eject media for all virtual servers
Allow insert/eject media for own virtual server - the user can insert/eject media for own virtual servers
Unlock any virtual server - the user can unlock any virtual server
Update all virtual server - the user can edit any virtual server
Update own virtual server - the user can only edit their own virtual servers
Allow use virtual server as gateway - the user can use virtual servers as gateways for other virtual servers
Any action with admin note - the user can take any action on Admin notes
Manage System Service Add-ons - the user can manage all the system service add-ons assigned to VSs in the cloud
Manage own System Service Add-ons - the user can manage the system service add-ons assigned to one's own VSs

For details, refer to the Appliances section.

Virtual Machine Statistics

OnApp administrators control user's access to virtual server statistics. You can set the following statistics permissions for user roles:

See Virtual Machine Statistics – the user has full access to statistics
See all Virtual Machines Statistics – the user can see statistics of all virtual servers
See own Virtual Machines Statistics – the user can only see their own statistics

For details, refer to the Virtual Server Statistics section.

Virtual Server's IP Addresses

OnApp administrators can control users' ability to manage IP address joins. This is handled through the Control Panel's Roles menu. You can set the following IP address joins permissions for user roles:

All actions on virtual server's IP addresses - the user can take any action on virtual server IP addresses
Add IP address to any virtual server - the user can add an IP address to any virtual server
Add IP address to own virtual server - the user can only add IP addresses to their own virtual servers
Remove IP address from any virtual server - the user can remove an IP address from any virtual server
Remove IP address from own virtual server - the user can only remove IP addresses from their own virtual servers
See IP addresses assigned to any virtual servers - the user can see IP addresses assigned to any virtual server
See IP addresses assigned to own virtual servers - the user can only see IP addresses assigned to their own virtual servers

For details, refer to the Virtual Server IP Addresses section.

W

White IPs

OnApp administrators control a user's ability to manage white IPs. You can set the following white IPs permissions for user roles:

Manage all White IPs for users - the user can take any action on White IPs for users
Create white IP for all users - the user can create any white IP
Create own white IP - the user can create own white IP
Destroy white IP for all users - the user can destroy any white IP
Destroy own white IPs - the user can only destroy own white IP
Read all white user IPs - the user can read all white IPs
Read own white IPs - the user can read own white IPs
Update white IP for all users - the user can update any white IP
Update own white IPs - the user can update own white IP

For details, refer to the User Whitelist IPs section.

X

Y

Z

Zabbix Server

OnApp administrators can control users' ability to manage the Zabbix server. This is handled through the Control Panel's Roles menu. You can set the following Zabbix server permission for user roles:

Any action related to zabbix server - user can perform any action related to the Zabbix server