Skip to main content
Skip table of contents

Privileges of the "Administration" section

Essence

Privilege group

Privilege Name

Brief description of the privilege

Comment

User

Create

create_user

Permits the creation of new user accounts on the system.

View

view_user

Allows viewing the list of users in the system, their first and last names, and allows them to access AirCloud resources.

A user with this privilege will only be able to grant administrative access to AirCloud resources to which they have access.

view_email

Allows users to view their email addresses.

admin_access

Allows viewing AirCloud resources to which system users have administrative access.

A user with this privilege will be able to view a list of all resources to which users have access, including VMs (personal and shared).

resource_usage

Allows to view statistics on how users are using the system's computational resources.

view_events

Allows viewing information about users' actions in the system.

Edit

edit_name

Allows making changes to user account settings: first name, last name.

edit_email

Enables changes to user account settings - e-mail address. The privilege also allows the password reset procedure for already created user accounts.

If you change the e-mail address in the user account settings, the password reset will be performed automatically.

provide_admin_access

Allows users or groups to be added to the local administrative access list.

edit_roles

Allows changing user or group roles for existing entries in the local administrative access list.

edit_status

Allows changing the status (active/inactive) of existing entries in the local administrative access list.

remove_admin_access

Allows removing entries from the local administrative access list.

Attention! A user with this privilege will be able to delete only those entries of the global access list whose roles do not exceed his own privileges.

Delete

remove_account

Enables deletion of user accounts from the system.

Warning Deleting someone else's account from the system by a user with this privilege may result in changes in access settings even for resources to which the user does not have access.

Group

Create

create_group

Enables the creation of new user groups in the system.

View

view_group

Allows viewing the list of groups, their members, and granting them access to AirCloud resources.

A user with this privilege will only be able to grant administrative access to AirCloud resources to which they have access.

admin_access

Allows you to view AirCloud resources to which user groups have administrative access.

resource_usage

Allows you to view statistics about how user groups are using compute resources on the system.

view_events

Enables viewing information about the user group's actions on the system.

Edit

edit_name

Allows to make changes to the user group settings: name, short description.

edit_users

Allows to make changes to the user group settings - composition of members.

Attention! Changing the group membership by a user with this privilege can lead to changes in access settings even for resources to which the user does not have access.

provide_admin_access

Allows users or groups to be added to the local administrative access list.

edit_roles

Allows changing user or group roles for existing entries in the local administrative access list.

edit_status

Allows changing the status (active/inactive) of existing entries in the local administrative access list.

remove_admin_access

Allows removing entries from the administrative access list.

Attention! A user with this privilege will be able to delete only those entries in the global access list whose roles do not exceed his own privileges.

Delete

remove_group

Enables deletion of user groups from the system.

Warning Deleting a group of users from the system by a user with this privilege may result in changes in access settings even for resources to which the user does not have access.

Role

Crerate

create_role

Allows the creation of new roles with privileges that do not exceed the privileges taken from the global access list entries marked "Propagate" for this user.

Warning A user with this privilege will only be able to create roles with the privileges that they have themselves.

create_role_any

Allows creation of new roles in the system without privilege set limitation.

Attention! A user with this privilege will be able to create roles with any set of privileges, even exceeding the user's own privileges in the system.

View

view_role

Enables viewing a list of roles in AirCloud. The privilege is available by default to all users.

Warning A user with this privilege will be able to view all roles available in the system, even those that are more privileged than their own.

Edit

edit_role

Allows editing in basic and advanced modes only those roles that do not exceed the privileges taken from the global access list entries marked "Propagate" for this user.

Warning To edit the privileges of the roles already existing in the system, the user must have the privileges to change the composition of roles in the global and all local administrative access lists. This is because changing the privilege composition of a role will change the privileges of all users/groups in all AirCloud resource access lists in which the role being changed can occur.
A user with this privilege will only be able to change roles that do not exceed his own privilege set. In the context of modifying roles, his own privileges are only counted from the set of entries in the global administrative access list with inheritance enabled. In this case, he will only be able to add privileges to the role he is modifying that he himself has.

edit_role_any

Allows changing the privileges of any role in basic and advanced modes.

Warning! To edit privileges already existing in the system roles, the user must have the privileges to change the composition of roles in the global and all local lists of administrative access. This is because changing the privilege composition of a role will change the privileges of all users/groups in all AirCloud resource access lists in which the role being changed can occur.
A user with this privilege will only be able to change roles that do not exceed the privilege set of his/her own. In the context of modifying roles, his own privileges are only counted from the set of entries in the global administrative access list with inheritance enabled. In this case, he will only be able to add to the role he is modifying those privileges that he himself has.

Delete

remove_role

Allows deleting roles with privileges that do not exceed the privileges taken from the global access list entries marked "Propagate" for this user.

Warning To be able to delete roles that do not exceed its own, a user must at least have the following privileges:

  • the privilege to remove administrative access entries from all local as well as global AirCloud access lists to be able to make changes to all access lists in which the role to be removed may occur;

  • the privilege to change the composition of roles in all local and global administrative access list entries, since deleting a role will change the entries of the access lists in which it occurs.

remove_role_any

Enables deletion of any roles from the system.

Warning A user with this privilege will be able to remove roles with any set of privileges.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close