App Volumes has built-in roles with assigned privileges for managing App Volumes Manager. In addition to the built-in roles, you can create custom roles and assign necessary privileges to this role.
You can assign built-in roles or custom roles to an active directory group. All users within the group inherit the privileges defined for the role. To change the active directory group, you can edit the assignment. You can also remove the role from the assigned active directory group. However, you can only edit or remove a custom role.
Built-in Roles
Roles | Responsibilities |
---|---|
Administrators | Perform all operations including adding and setting permissions for other administrators. |
AppStacks Administrators |
|
Inventory Administrators |
|
Administrators (Read only) | View resources but cannot make any modifications or perform other tasks. For more information, see the Administrators (Read only) section in this document. |
Security Administrators |
|
Writables Administrators |
|
Administrators (Read only)
This administrator role can only view the resources and configuration information but cannot perform any other tasks. Specifically, a read-only administrator cannot perform the following functions:
- Make configuration changes to the App Volumes Manager.
- Create or import Application Packages.
- Create or import AppStacks.
- Make storage configuration changes.
- Add or remove Active Directory domains.
- Add or remove Machine Managers.
- Create, import, or update writable volumes.
Only an existing administrator, who has complete access to App Volumes Manager functionality, can add the Administrator (Read only) role.
As an administrator, you can add a read-only account to a group of users that belong to a particular domain. For example, if you have created a domain xyz.com, then you can create a read-only account belonging to the domain xyz.com.
Custom Roles
You can create custom roles with specific privileges and assign them to groups. Whenever privileges are changed for the custom roles, they are dynamically updated and the members of the group receive the updated privileges immediately.
You can assign multiple roles to a group. In such a case, the group receives the union of the privileges of the different roles assigned to it.
- When a new role is assigned to a group, the users of the group must log out and log in again to the system before they can get the privileges offered by the role.
- When creating custom administrator roles, granting view privilege to either AppStacks or applications effectively grants view privileges to both functions.