Creating a new role
To create a new role in the system, you must have the create_role / create_role_any privilege.
In addition to being able to use predefined roles, an AirCloud administrator can create and configure custom roles to perform specific tasks for which the permissions of predefined roles are redundant or insufficient.
The process of creating a new role consists of the following steps:
1. Initiating the creation of a new role. This can be done using the global creation menu, which is accessed by clicking the "Create" button from any screen in the system, or by clicking the "Create role" button located on the Roles screen, which lists the existing AirCloud roles with a brief description of each.
2. In the Create new role window that appears, the new role should be configured with its parameters and access privileges, which are grouped in sections:
"General" - general parameters of the new role, such as the role name, its brief description, and the source role from which the new role will be created (Clone settings from).
"Clusters" - parameters responsible for the privileges of the role on the resources that are part of the Clusters (VM, Host etc.).
"Data stores" - parameters responsible for role privileges when working with data stores available to the user.
"Administration" - setting of privileges to manage users and their access to system resources.
When creating a role on the basis of an existing one, its permissions and privileges are copied from all sections of the privileges settings.
You can view the permissions immediately after selecting a value in the Clone settings from field (i.e. before the role is created). If necessary, permissions can be changed manually.
The "Reset all inherited settings" button is used to reset all settings copied from the donor role. Pressing the button also resets the values of parameters that were first inherited when the Clone settings from field was filled in and then changed manually.
Configuring privileges for a role on the "Clusters", "Data stores" and "Administration" tabs can be done in basic mode or advanced mode.
For more information about each of the privilege configuration modes, see "Basic Mode", "Basic Privilege Configuration Mode" and "Advanced Privilege Customization Mode".
3. Saving the settings of the new role using the "Create role" button - if there are no conflicts, the system saves all changes made and creates a new role in the system.
If there are conflicts and contradictions in the privileges set for the role, the system will display the corresponding warning with the list of conflicting settings. In the same modal window, you can resolve all conflicts by setting new values for the conflicting settings.
Until all conflicts are resolved, the system will not allow the creation of a new role.
A simple example of a conflict situation could be the following: a role has privileges set to create and work with VMs, but there are no privileges to work with data stores (Data stores). The system will offer to add the missing privileges.
If the administrator creates a role on the basis of a pre-installed system role, subsequent changes to the system role will not affect the previously created role.