(Click to open topic with navigation)

11 – Roles > 11.3 Role references > Permissions

Permissions

This topic lists all the permissions you can set when you configure roles in Viewpoint.

Permissions are stored in Moab Web Services. Any new permission you want to add to Viewpoint you must add through Moab Web Services. For more information, please see the "Permissions" resource section of the Moab Web Services Reference Guide.

The actual permission name will be in this format, corresponding with the attributes you define at permission creation in MWS: <type>.<resource>.<action> (for example, page.internalPage.read).

Use case

For example, say you want to create a custom navigation link to another internal web page and you only want "admin" role users to be able to see the link. Here's what you would do:

  • Create the new navigation (page) permission in MWS (see the "Permissions" resource section of the Moab Web Services Reference Guide). Make sure you specify the permission type is "page." For this example, let's say you named the permission page.custom.read.
  • Add the custom link to the navigation.xml file (see Adding a custom link to the Viewpoint menu).
  • In the navigation.xml when you specify the <permission> element, make sure that the permission name matches exactly the of permission you created in MWS (for example, page.custom.read).
  • Go to the Role Management page and edit the "admin" role so that it includes this new permission. For more information, see Editing an existing role.

On the New/Edit Role page, permissions are grouped in the following categories. Each table lists the permission name and describes what the permission does. By default, all permissions are added to the delivered "Administrator" role.

At any time, you can reset the default permissions to the delivered roles on the Set Viewpoint Defaults configuration page (for more information, see Resetting default roles and permissions).

Note that, depending on your type of suite, some permissions may not apply.

Object permissions

Accounting/accounts

Name Description Action Resource Scope
Quote usage-record Permission to access quote usage-record Read accounting/usage-records Global
Read MAM accounts Permission to read MAM accounts. Read accounting/accounts Global
Read MAM allocations Permission to read MAM allocations. Read accounting/allocations Global
Read MAM charge rates Permission to read MAM charge rates. Read accounting/charge-rates Global
Read MAM funds Permission to read MAM funds. Read accounting/funds Global
Read MAM funds balances Permission to read MAM funds balances. Read accounting/funds/balances Global
Read MAM funds statement Permission to read MAM funds statement. Read accounting/funds/reports/statement Global
Read MAM liens Permission to read MAM liens. Read accounting/liens Global
Read MAM organizations Permission to read MAM organizations. Read accounting/organizations Global
Read MAM quotes Permission to read MAM quotes. Read accounting/quotes Global
Read MAM transactions Permission to read MAM transactions. Read accounting/transactions Global
Read MAM usage-records Permission to read MAM usage-record. Read accounting/usage-records Global
Read MAM users Permission to read MAM users. Read accounting/users Global

Credentials

Name Description Action Resource Scope
Read credentials Permission to read credentials. Read credentials Global

Diag

Name Description Action Resource Scope
Read diagnostics Permission to read diagnostics. Read diag Global

Events

Name Description Action Resource Scope
Read all events Permission to read all events. Read events Global
Read tenant events Permission to read tenant events. Read events Tenant

Images

Name Description Action Resource Scope
Create images Permission to create images. create images Global
Delete images Permission to Delete images. delete images Global
Read all images Permission to read images. read images Global
Update images Permission to update images. update images Global

Job-arrays

Name Description Action Resource Scope
Create job arrays Permission to create job arrays. create job-arrays Global

Jobs

Name Description Action Resource Scope
Cancel all jobs Permission to cancel (delete) all jobs. delete jobs Global
Create jobs for any tenant Permission to create jobs for any tenant. create jobs Global
Read all jobs Permission to read all jobs. read jobs Global
Update all jobs Permission to update all jobs. update jobs Global
Cancel tenant jobs Permission to cancel (delete) tenant jobs. cancel jobs Tenant
Create jobs for tenant Permission to create jobs for tenant. create jobs Tenant
Read tenant jobs Permission to read tenant jobs. read jobs Tenant
Update tenant jobs Permission to update tenant jobs. update jobs Tenant

Metric-types

Name Description Action Resource Scope
Read metric types Permission to read metric types read metric-types Global

Nodes

Name Description Action Resource Scope
Power on/off all nodes Permission to power all nodes on/off. update nodes Global
Read all nodes Permission to read all nodes. read nodes Global
Reprovision all nodes Permission to reprovision all nodes. update nodes Global
Power on/off tenant nodes Permission to power tenant nodes on/off. update nodes Tenant
Read tenant nodes Permission to read tenant nodes. read nodes Tenant
Reprovision tenant nodes Permission to reprovision tenant nodes. update nodes Tenant

Notifications

Name Description Action Resource Scope
Read notifications

Permission to read notifications.

This permission is both a global and a tenant permission. When creating a global role, this permission gives a user access to all notifications. When creating a tenant role, this permission gives a user access to notifications tied to objects that belong to their tenant.

 update nodes Global
Update notifications

Permission to update notifications.

This permission is both a global and a tenant permission. When creating a global role, this permission lets a user dismiss or ignore all notifications. When creating a tenant role, this permission lets a user dismiss or ignore notifications tied to objects that belong to their tenant.

 read nodes Global

Permissions

Name Description Action Resource Scope
Create permissions Permission to create permissions. create permissions Global
Delete permissions Permission to delete permissions. delete permissions Global
Read permissions Permission to read permissions. read permissions Global

Plugin-types

Name Description Action Resource Scope
Create or update plugin-types Permission to create or update plugin types. update plugin-types Global
Read plugin-types Permission to read plugin types. read plugin-types Global

Plugins

Name Description Action Resource Scope
Create plugins Permission to create plugins. create plugins Global
Delete plugins Permission to delete plugins. delete plugins Global
Read plugins Permission to read plugins. read plugins Global
Update plugins Permission to update plugins. update plugins Global

Policies

Name Description Action Resource Scope
Read policies Permission to read policies. read policies Global
Update policies Permission to update policies. update policies Global

Principals

Name Description Action Resource Scope
Create principals Permission to create principals. create principals Global
Delete principals Permission to delete principals. delete principals Global
Read principals Permission to read principals. read principals Global
Update principals Permission to update principals. update principals Global

Reports

Name Description Action Resource Scope
Create reports Permission to create reports. create reports Global
Delete reports Permission to delete reports. delete reports Global
Read reports Permission to read reports. read reports Global
Update reports Permission to update reports. update reports Global

Reservations

Name Description Action Resource Scope
Create reservations for any tenant Permission to create reservations for any tenant. create reservations Global
Delete any tenant's reservations Permission to delete any tenant's reservation. delete reservations Global
Read all reservations Permission to read all reservations. read reservations Global
Update all reservations Permission to update all reservations. update reservations Global
Create reservations for tenant Permission to create reservations for tenant. create reservations Tenant
Delete tenant reservations Permission to delete tenant reservation. delete reservations Tenant
Read tenant reservations Permission to read tenant reservations. read reservations Tenant
Update tenant reservations Permission to update tenant reservations. update reservations Tenant

Resource-types

Name Description Action Resource Scope
Read resource-types Permission to read resource types. read resource-types Global

Roles

Name Description Action Resource Scope
Create roles Permission to create roles. create roles Global
Delete roles Permission to delete roles. delete roles Global
Read roles Permission to read roles. read roles Global
Update roles Permission to update roles. update roles Global

Service-templates

Name Description Action Resource Scope
Create service templates for any tenant Permission to create service templates for any tenant. create service-templates Global
Delete any tenant's service templates Permission to delete any tenant's service templates. delete service-templates Global
Read all service templates Permission to read all service templates. read service-templates Global
Update all service templates Permission to update all service templates. update service-templates Global
Create service templates for tenant Permission to create service templates for tenant. create service-templates Tenant
Delete tenant service templates Permission to delete tenant service templates. delete service-templates Tenant
Read tenant service templates Permission to read tenant service templates. read service-templates Tenant
Update tenant service templates Permission to update tenant service templates. update service-templates Tenant

Services

Name Description Action Resource Scope
Create a service global hook definition for any tenant Permission to create a service global hook definition for any tenant. create services Global
Delete any tenant's service global hook definitions Permission to delete any tenant's service global hook definitions. delete services Global
Delete any tenant's services Permission to delete any tenant's services. delete services Global
Read all service global hook definitions Permission to read all service global hook definitions. read services Global
Read all service running hooks Permission to read all service running hooks. read services Global
Read all services Permission to read all services. read services Global
Request a service for any tenant Permission to request a service for any tenant. create services Global
Update all service global hook definitions Permission to update all service global hook definitions. update services Global
Update all service running hooks Permission to update all service running hooks. update services Global
Update all services Permission to update all services. update services Global
Create a service global hook definition for tenant Permission to create a service global hook definition for tenant. create services Tenant
Delete tenant service global hook definitions Permission to delete tenant global hook definitions. delete services Tenant
Delete tenant services Permission to delete tenant services. delete services Tenant
Read tenant service global hook definitions Permission to read tenant service global hook definitions. read services Tenant
Read tenant service running hooks Permission to read tenant service running hooks. read services Tenant
Read tenant services Permission to read tenant services. read services Tenant
Request a service for tenant Permission to request a service for tenant. create services Tenant
Update tenant service global hook definitions Permission to update tenant service global hook definitions. update services Tenant
Update tenant service running hooks Permission to update tenant service running hooks. update services Tenant
Update tenant services Permission to update tenant services. update services Tenant

Standing-reservations

Name Description Action Resource Scope
Read standing-reservations Permission to read standing reservations. read standing-reservations Global

Tenants

Name Description Action Resource Scope
Create tenants Permission to create tenants. create tenants Global
Delete tenants Permission to delete tenants. delete tenants Global
Read tenants Permission to read tenants. read tenants Global
Update tenants Permission to update tenants. update tenants Global

VCs

Name Description Action Resource Scope
Create virtual containers Permission to create virtual containers. create vcs Global
Destroy virtual containers Permission to delete virtual containers. delete vcs Global
Read virtual containers Permission to read virtual containers. read vcs Global
Update virtual containers Permission to update virtual containers. update vcs Global

VMs

Name Description Action Resource Scope
Destroy any tenant's virtual machines Permission to destroy any tenant's virtual machines. delete vms Global
Migrate all virtual machines Permission to migrate all virtual machines. update vms Global
Power on/off all virtual machines Permission to power all virtual machines on/off. update vms Global
Read all virtual machines Permission to read all virtual machines. read vms Global
Destroy tenant virtual machines Permission to destroy tenant virtual machines. delete vms Tenant
Migrate tenant virtual machines Permission to migrate tenant virtual machines. update vms Tenant
Power on/off tenant virtual machines Permission to power tenant virtual machines on/off. update vms Tenant
Read tenant virtual machines Permission to read tenant virtual machines. read vms Tenant
Viewpoint permissions

Gadget

These permissions apply to the Viewpoint Homepage gadgets. For more information, see Homepage gadgets.

These permissions allow users to see certain gadgets on the Homepage. However, do not forget that the content displayed in gadgets is controlled by object permissions. As administrators give role permissions for gadgets, they must also apply the corresponding object permissions so that users can see the correct gadget information.

Name Description Action Resource Scope
Node Memory Dedication (Average)

Permission to view the Node Memory Dedication gadget.

(Administrators will want to add the corresponding Read all nodes or Read tenant nodes object permission.)

 Read -- None
Node Processor Dedication (Average)

Permission to view the Node Processor Dedication gadget.

(Administrators will want to add the corresponding Read all nodes or Read tenant nodes object permission.)

 Read -- None
Node State

Permission to view the Node State gadget.

(Administrators will want to add the corresponding Read all nodes or Read tenant nodes object permission.)

 Read -- None
Node Utilization

Permission to view the Node Utilization gadget.

(Administrators will want to add the corresponding Read all nodes or Read tenant nodes object permission.)

 Read -- None
Service Count

Permission to view the Service Count gadget.

(Administrators will want to add the corresponding Read all services or Read tenant services object permission.)

 Read -- None
Service Template Count

Permission to view the Service Template Count gadget.

(Administrators will want to add the corresponding Read all service templates or Read tenant service templates object permission.)

 Read -- None
Urgent Events Log

Permission to view the Urgent Event Log gadget.

(Administrators will want to add the corresponding Read all events or Read tenant events object permission.)

 Read -- None
VM State

Permission to view the Virtual Machine State gadget.

(Administrators will want to add the corresponding Read all virtual machines or Read tenant virtual machines object permission.)

 Read -- None
VM Utilization

Permission to view the Virtual Machine Utilization gadget.

(Administrators will want to add the corresponding Read all virtual machines or Read tenant virtual machines object permission.)

 Read -- None

Page

These permissions apply to the pages in Viewpoint.

If a user tries to access a page that he or she does not have permission to view, Viewpoint will notify them with the following message:

"The page you requested could not be found by the server or you do not have the permissions necessary to view this page. Please contact your administrator for help."

Name Description Action Resource Scope
Configuration Permission to access the Configuration page (for more information, see About configuration). Read -- None
Events Permission to access the Event Log/Event Details pages (for more information, see About event log). Read -- None
Home Permission to access the Homepage (for more information, see Homepage gadgets). Read -- None
Image Management Permission to access the Image Management/Image Details pages (for more information, see About image management). Read -- None
Moab Accounting Manager Permission to access the Accounting Manager page (for more information, see About Accounting Manager). Read -- None
New Reservation Permission to access the New Reservation page (for more information, see Fields: New Reservation). Read -- None
Node Management Permission to access the Node Management/Node Details pages (for more information, see About node management). Read -- None
Notification Management Permission to access the Notification Management page (for more information, see About notification management). Read -- None
Policy Management Permission to access the Policy Management page (for more information, see About policy management). Read -- None
Reservation Management Permission to access the Reservation Management/Reservation Details pages (for more information, see About reservation management). Read -- None
Role Management Permission to access the Role Management page (for more information, see About role management). Read -- None
Service Template Management Permission to access the Service Template Management/Edit Service Template pages (for more information, see About service template management). Read -- None
Service/VM Management Permission to access the Service Management, Service Details, Virtual Machine Management, and Virtual Machine Details pages (for more information, see About service management and About virtual machine management). Read -- None
Tenant Management Permission to access the Tenant Management/Edit Tenant pages (for more information, see About tenant management). Read -- None

Default role permissions

This section outlines which permissions are included by default in each delivered role. Any time you need to, you can set or reset the permissions for the default roles (see Resetting default roles and permissions).

Administrator role

All Viewpoint and object permissions are included in the Administrator role by default.

PowerUser role

The PowerUser role is a tenant role. It contains the following Viewpoint and object permissions:

Object permissions

Events Read tenant events
Jobs

Cancel tenant jobs

Create jobs for tenant

Read tenant jobs

Update tenant jobs

Nodes

Read tenant nodes

Reprovision tenant nodes

Power on/off tenant nodes

Notifications

Read notifications

Update notifications

Reservations

Create reservations for tenant

Delete tenant reservations

Read tenant reservations

Update tenant reservations

Service-templates

Create service templates for tenant

Delete tenant service templates

Read tenant service templates

Update tenant service templates

Services

Create a service global hook definition for tenant

Delete tenant service global hook definitions

Delete tenant services

Read tenant service global hook definitions

Read tenant service running hooks

Read tenant services

Request a service for tenant

Update tenant service global hook definitions

Update tenant service running hooks

Update tenant services

VMs

Destroy tenant virtual machines

Migrate tenant virtual machines

Power on/off tenant virtual machines

Read tenant virtual machines

Viewpoint permissions

User role

The User role is a tenant role. It contains the following Viewpoint and object permissions:

Object permissions

Accounting

Read MAM accounts

Images

Read all images

Jobs

Create jobs for tenant

Read tenant jobs

Notifications

Read notifications

Update notifications

Service-templates

Read tenant service templates

Services

Read tenant services

Request a service for tenant

VMs

Read tenant virtual machines

Viewpoint permissions

Gadget

Service Count

Service Template Count

VM State

Urgent Events Log

Page

Events

Home

Notification Management

Service Template Management

Service/VM Management

Related topics