You can assign built-in roles or custom roles to Active Directory groups. All users within the group will inherit the privileges that have been defined for the role.

You can assign the following built-in roles from the App Volumes Manager:
  • Administrators - Has permission to perform all operations including adding and settings permissions for other administrators.
  • AppStacks Administrators
    • Can perform all operations related to AppStacks such as create, import, rescan, update, and so on.
    • Has only viewing access to other resources such as Directory or Infrastructure.
    • Does not have access to Configuration or Writable Volumes.
  • Inventory Administrators
    • Can perform operations related to Applications such as create, import, rescan, update, and so on.
    • Can perform operations related to Writable Volumes and Writable Volumes (2.x) such as create, import, update, rescan, and so on.
    • Has only viewing access to other resources such as Directory or Infrastructure.
    • Does not have access to Configuration resources.
  • Administrators (Read only) - Can only view the resources but cannot make any modifications or perform other tasks.
  • Security Administrators
    • Has permission to manage roles such as create, update, and delete custom roles.
    • Manage and change role assignments.
  • Writables Administrators
    • Can perform all operations related to Writable Volumes and Writable Volumes (2.x) such as create, import, update, back up, and so on.
    • Has only view access to other resources such as AppStacks, Directory, Infrastructure, Storage Groups and so on.
    • Does not have access to Configuration resource.
Note: To view the privileges assigned to a role, go to CONFIGURATION > Admin Roles > Manage Roles, select a built-in role or a custom role, and click Show.

Custom Roles

Note the following about custom roles and assigning multiple roles.
  • You can create custom roles with specific privileges and assign them to groups. Whenever privileges are changed for the custom roles, they are dynamically updated and the members of the group receive the updated privileges immediately.
  • You can assign multiple roles to a group. In such a case, the group will get the union of the privileges of the different roles assigned to it.
Note:
  • When a new role is assigned to a group, the users of the group must log out and log in again to the system before they can get the privileges offered by the role.
  • When creating custom administrator roles, granting view privilege to either AppStacks or applications will effectively grant view privileges to both functions.

Administrators (Read only)

A read-only administrator can only view the resources and configuration information but cannot perform any other tasks. Specifically, a read-only administrator cannot perform the following functions:

  1. Make configuration changes to the App Volumes Manager.
  2. Create or import Application Packages.
  3. Create or import AppStacks.
  4. Make storage configuration changes.
  5. Add or remove Active Directory domains.
  6. Add or remove Machine Managers.
  7. Create, import, or update writable volumes.

A read-only administrator can be added only by an existing administrator who has complete access to the App Volumes Manager functionality.

As an administrator, you can add a read-only account to a group of users that belong to a particular domain. For example, if you have created a domain xyz.com, then you can create a read-only account belonging to the domain xyz.com.

Note: You cannot create a read-only account for a single user.