Create and manage rights and roles

The owner role

For a given client, you can create roles and assign rights to each of them.
When a client is created, a default owner role is assigned to it. The user who created the client is automatically added to this owner role.

For example:

ludovic@ZiSH:# show client projet_1

Client:      projet_1
Address:     None
Country:     None

Vsites:      sous_projet_1
Roles:       owner
Users:       None

Create and manage a new role

To create a new role:

Client:projet_1# role admin
Role admin created


Role:projet_1.admin# show
projet_1

Role:        admin
Client:     projet_1
Public:     no

Users:      None
Permissions:

Users and permissions

Now that we have seen how to create new roles, let's look in detail at how to manage users, their rights, and the objects to which they apply.

Let's start by creating a new role for the "projet_1" client:

Client:projet_1# role admin
Role admin created

Role:projet_1.admin# help

Documented commands (type help <topic>):
========================================
addpermission  adduser  delpermission  deluser  exit  help  public  show

The possibilities are:

  1. Add / remove users to this role
  2. Add / remove permissions
  3. Set the role to a public state or not

Set the role to a public state or not

This feature allows other platform users to display the information about this particular role.

Role:projet_1.admin# help public

        address yes/no - Set Role public or not
Role:projet_1.admin# public yes
Role:projet_1.admin# show
projet_1

Role:        admin
Client:     projet_1
Public:     yes

Users:      None
Permissions:
Vsite: sous_projet_1    -> VSite - manage

Add a user to or remove a user from a role

  • Be careful! In order to display a user and add it to a role, you must have associated it with your client (see Managing a client)

Let's imagine that we want to add the user "seb":

Role:projet_1.admin# adduser ludo_test
seb

Role:projet_1.admin# show
projet_1

Role:        admin
Client:     projet_1
Public:     no

Users:      seb
Permissions:

Likewise, to delete this user from the role:

Role:projet_1.admin# deluser seb

Role:projet_1.admin# show
projet_1

Role:        admin
Client:     projet_1
Public:     no

Users:      
Permissions:

Add / remove permissions

Role:projet_1.admin# help addpermission

        addpermission <vsite> <family> <permission> - Add a permission on a vsite to this role

Let's take a detailed look at the options:

  • vsite: sets which vsite the permission applies to
  • family: specifies the service family the permission is created for. The available families are:
    1. Interface
    2. IPaddress
    3. Storage
    4. VMachine
    5. Vsite
    6. Vlan
  • permission: the permissions available for a family (they differ from one family to another). For instance, for the "vsite" family:
    1. configure: modify the vsite parameters
    2. create: create new services for the current vsite
    3. delete: delete one or several services associated with the current vsite
    4. list: display the vsite information

To access a service, meaning to display it, you must have the "list" permission.

Other examples of permissions, for the "vmachine" object:

  1. configure: modify the machine parameters
  2. list: display the machine list
  3. manage: interact with the machine (boot, shutdown, etc.)

Remove a permission for a role

Role:projet_1.admin# help delpermission

        delpermission <family> <permission> - Remove a permission on a vsite to this role

For example, to remove the "create" permission on the sous_projet_1 vsite:

Role:projet_1.admin# delpermission Vsite create
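
To review roles once they are set up, the output of "show" can be parsed and checked against the two rules stated above: a public role is visible to other platform users, and a service can only be accessed with the "list" permission. The script below is an added example, not part of the platform or its CLI. It assumes every permission line has the single shape shown on this page and that several users would be separated by commas or spaces; the sample text is constructed.

```python
import re

# Constructed sample, in the layout of the `show` output on this page.
SAMPLE_SHOW = """projet_1

Role:        admin
Client:     projet_1
Public:     yes

Users:      seb
Permissions:
Vsite: sous_projet_1    -> VSite - manage
Vsite: sous_projet_1    -> VMachine - list
Vsite: sous_projet_1    -> VMachine - manage
"""

# Assumption: every permission line has the one shape shown on the page.
PERM_RE = re.compile(r"^Vsite:\s*(\S+)\s*->\s*(\S+)\s*-\s*(\S+)$")
FIELD_RE = re.compile(r"^(Role|Client|Public|Users):\s*(.*)$")

def parse_role(text):
    """Parse the `show` output of one role into a dict."""
    role = {"permissions": set()}
    for line in map(str.strip, text.splitlines()):
        perm, field = PERM_RE.match(line), FIELD_RE.match(line)
        if perm:
            vsite, family, name = perm.groups()
            # The page writes both "Vsite" and "VSite", so fold case.
            role["permissions"].add((vsite, family.lower(), name.lower()))
        elif field:
            role[field.group(1).lower()] = field.group(2).strip()
    users = role.get("users", "")
    # Assumption: several users are separated by commas or spaces.
    role["users"] = [] if users in ("", "None") else re.split(r"[,\s]+", users)
    role["public"] = role.get("public", "no").lower() == "yes"
    return role

def audit_role(role):
    """Return review findings: public roles and grants lacking "list"."""
    name = f"{role.get('client')}.{role.get('role')}"
    findings = [f"{name}: public, visible to other platform users"] if role["public"] else []
    listed = {(v, f) for v, f, p in role["permissions"] if p == "list"}
    for vsite, family, perm in sorted(role["permissions"]):
        if perm != "list" and (vsite, family) not in listed:
            findings.append(f"{name}: {family} {perm} on {vsite} without list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_role(parse_role(SAMPLE_SHOW))))
```

A finding of the second kind means the role holds a permission on a family without the "list" permission the page says is needed to access that service.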
