vCenter Permissions

The list below includes the permissions related to vCenter Resources.

Users with the Administrator role in OnApp have vCenter related permissions enabled by default. They can create and manage vCenter resources if there is a vCenter compute resource in the cloud.
Users with vCenter User role have all OnApp User permissions, default permissions for vCenter User role, and two extra permissions necessary to create a vCenter VS:
- Read all public OVAs
- See Compute Resource during virtual server creation

Users with OnApp User role have limited vCenter permissions enabled by default, and cannot create a vCenter VS.
The vCenter permissions list is not updated in OnApp for custom roles imported from vCenter.

Default Permissions for vCenter User Role

vCenter Clusters

OnApp administrators can control users' ability to manage vCenter clusters through the Control Panel's Roles menu. You can set the following cluster permissions for user roles:

Any actions on vCenter Clusters - the user can take any action on vCenter clusters
Show vCenter Clusters on Virtual Server creation - the user can see vCenter Clusters on Add New Virtual Server screen

vCenter Datacenters

OnApp administrators can control users' ability to manage vCenter datacenters. This is handled through the Control Panel's Roles menu. You can set the following datacenters permissions for user roles:

Any actions on vCenter Datacenters - the user can take any action on vCenter Datacenters
Show vCenter Datacenters on Virtual Server creation - the user can see vCenter Datacenters on Add New Virtual Server screen

vCenter Servers

Any actions on vCenter Servers - the user can take any action on vCenter servers
Create a new vCenter Server - the user can create new vCenter servers
Delete any vCenter Server - the user can delete any vCenter server
Import any vCenter Server - the user can import any vCenter server to OnApp
See any vCenter Server - the user can see the list of all vCenter servers in the cloud
Update any vCenter Server - the user can edit any vCenter server within the cloud

For more details, refer to the vCenter Servers section of this guide.

vCenter Templates

Any actions on vCenter Templates - the user can take any action on vCenter templates
See any vCenter Templates - the user can see any vCenter templates
Update any vCenter Templates - the user can edit any vCenter templates

vCenter Resource Pool

Add a new vCenter Resource Pool - the user can add a vCenter Resource Pool
Delete own vCenter Resource Pool - the user can delete own vCenter Resource Pool
See own vCenter Resource Pool - the user can see own vCenter Resource Pool
Update own vCenter Resource Pool - the user can update own vCenter Resource Pool

Virtual Servers

Resync vCenter VS - the user can run the re-import vCenter VS transaction

Other vCenter Permissions

NSX Edges

OnApp administrators can control users' ability to manage NSX edges through the Control Panel's Roles menu. You can set the following NSX edges permissions for user roles:

Any action on edge - the user can take any action on NSX edges
See any edge - the user can see any NSX edge

NSX Firewall Rules

OnApp administrators can control users' ability to manage NSX firewall rules through the Control Panel's Roles menu. You can set the following firewall rules permissions for user roles:

Any action on firewall rule - the user can take any action on NSX firewall rules
Create any firewall rule - the user can create a new NSX firewall rule
Delete any firewall rule - the user can delete any NSX firewall rule
See any firewall rules - the user can see any NSx firewall rules
Update any firewall rule - the user can edit any NSX firewall rule

NSX Firewall Services

OnApp administrators can control users' ability to manage NSX firewall services through the Control Panel's Roles menu. You can set the following firewall services permissions for user roles:

Any action on firewall service - the user can take any action on NSX firewall services
See any firewall service - the user can see any NSX firewall service
Update any firewall service - the user can edit any NSX firewall service

NSX IPSec Services

OnApp administrators can control users' ability to manage NSX IPSec services through the Control Panel's Roles menu. You can set the following IPSec services permissions for user roles:

Any action on IPSec service - the user can take any action on NSX IPSec services
See any IPSec service - the user can see any NSX IPSec service
Update any IPSec service - the user can edit any NSX IPSec service

NSX IPSec Sites

OnApp administrators can control users' ability to manage NSX IPSec sites through the Control Panel's Roles menu. You can set the following IPSec sites permissions for user roles:

Any action on IPSec site - the user can take any action on NSX IPSec sites
Create IPSec sites - the user can create an NSX IPSec site
Delete any IPSec site - the user can delete any NSX L2 VPN IPSec site
See any IPSec site - the user can see any NSX IPSec sites
Update any IPSec site - the user can edit any NSX IPSec site

NSX L2 VPN Peer Sites

OnApp administrators can control users' ability to manage NSX L2 VPN peer sites through the Control Panel's Roles menu. You can set the following L2 VPN peer sites permissions for user roles:

Any action on L2 VPN peer site - the user can take any action on NSX L2 VPN peer sites
Create L2 VPN peer sites - the user can create an NSX L2 VPN peer site
Delete any L2 VPN peer site - the user can delete any NSX L2 VPN peer site
See any L2 VPN peer site - the user can see any NSX L2 VPN sites
Update any L2 VPN peer site - the user can edit any NSX L2 VPN sites

NSX L2 VPN Services

OnApp administrators can control users' ability to manage NSX L2 VPN services through the Control Panel's Roles menu. You can set the following L2 VPN services permissions for user roles:

Any action on L2 VPN service - the user can take any action on NSC L2 VPN services
See any L2 VPN service - the user can see any NSX L2 VPN service
Update any L2 VPN service - the user can edit any NSX load balacer L2 VPN services

NSX Load Balancer Application Profiles

OnApp administrators can control users' ability to manage NSX load balancer application profiles through the Control Panel's Roles menu. You can set the following load balancer application profiles permissions for user roles:

Any action on application profile - the user can take any action on NSX load balancer application profiles
Create any application profile - the user can create a new NSX load balancer application profile
Delete any application profile - the user can delete any NSX load balancer application profile
See any application profile - the user can see any NSX load balancer application profile
Update any application profile - the user can edit any NSX load balancer application profile

NSX Load Balancer Application Rules

OnApp administrators can control users' ability to manage NSX load balancer application rules through the Control Panel's Roles menu. You can set the following load balancer application rules permissions for user roles:

Any action on application rules - the user can take any action on NSX load balancer application rules
Create any application rule - the user can create a new NSX load balancer application rule
Delete any application rule - the user can delete any NSX load balancer application rule
See any application rule - the user can see any NSX load balancer application rules
Update any application rule - the user can edit any NSX load balancer application rules

NSX Load Balancer Monitors

OnApp administrators can control users' ability to manage NSX load balancer monitors through the Control Panel's Roles menu. You can set the following load balancer monitors permissions for user roles:

Any action on monitors - the user can take any action on NSX load balancer monitors
Create any monitor - the user can create a new NSX load balancer monitor
Delete any monitor - the user can delete any NSX load balancer monitor
See any monitor - the user can see any NSX load balancer monitors
Update any monitor - the user can edit any NSX load balancer monitors

NSX Load Balancer Pools

OnApp administrators can control users' ability to manage NSX load balancer pools through the Control Panel's Roles menu. You can set the following load balancer pools permissions for user roles:

Any action on pool - the user can take any action on NSX load balancer pools
Create any pool - the user can create a new NSX load balancer pool
Delete any pool - the user can delete any NSX load balancer pool
See any pool - the user can see any NSX load balancer pools
Update any pool - the user can edit any NSX load balancer pools

NSX Load Balancer Services

OnApp administrators can control users' ability to manage NSX load balancer services through the Control Panel's Roles menu. You can set the following load balancer services permissions for user roles:

Any action on load balancer service - the user can take any action on NSX load balancer services
See any load balancer service - the user can see any NSX load balancer service
Update any load balancer service - the user can edit any NSX load balancer service

NSX Load Balancer Virtual Servers

OnApp administrators can control users' ability to manage NSX Edge internal or uplink interfaces as virtual servers through the Control Panel's Roles menu. You can set the following permissions for user roles:

Any action on virtual server - the user can take any action on NSX load balancer virtual servers
Create any virtual server - the user can create a new NSX load balancer virtual server
Delete any virtual server - the user can delete any NSX load balancer virtual servers
See any virtual server - the user can see any NSX load balancer virtual servers
Update any virtual server - the user can edit any NSX load balancer virtual servers

NSX Managers

OnApp administrators can control users' ability to manage NSX managers through the Control Panel's Roles menu. You can set the following NSX managers permissions for user roles:

Any action on NSX manager - the user can take any action on NSX manager
See any NSX manager - the user can see any NSX manager
Update any NSX manager - the user can edit any NSX manager

NSX NAT Rules

OnApp administrators can control users' ability to manage NSX NAT rules through the Control Panel's Roles menu. You can set the following NAT rules permissions for user roles:

Any action on nat rule - the user can take any action on NSX NAT rules
Create any nat rule - the user can create a new NSX NAT rule
Delete any nat rule - the user can delete any NSX NAT rule
See any nat rule - the user can see any NSX NAT rules
Update any nat rule - the user can edit any NSX NAT rules

NSX NAT Services

OnApp administrators can control users' ability to manage NSX NAT services through the Control Panel's Roles menu. You can set the following NAT services permissions for user roles:

Any action on nat service - the user can take any action on NSX NAT services
See any nat service - the user can see any NSX NAT services
Update any nat service - the user can edit any NSX NAT services

vCenter Resource Pools

OnApp administrators can manage vCenter resource pools. You can set the following permissions for user roles:

Any actions on vCenter Resource Pools - the user can take any action on vCenter Resource Pool
Delete any vCenter Resource Pool - the user can delete a vCenter Resource Pool
See any vCenter Resource Pool - the user can see any vCenter Resource Pool
Update any vCenter Resource Pool - the user can update any vCenter Resource Pool
Change an owner of any vCenter Resource Pool - the user can change the owner of any vCenter Resource Pool

Virtual Servers

Infrastructure Mode - the user can build managed vCenter VSs

See Create Custom vCenter VS for more details.

On this page:

Default permissions for vCenter User role
Other vCenter permissions

Synonyms for "update"updatingupgradeupgradingmodernizationrefreshdiscountingmodernizeinformbriefnotifyadviseapprise