1,798
edits
Changes
→Creating a New Delegated Administrator Role
== Creating a New Delegated Administrator Role ==
As previously outlined, new Delegated Administrator roles may be created by existing members of either the Administrator Role or a member of another Delegated Administrator role. New Delegated Administrator roles are crated created from within the VMM Administrator Console (see the chapter entitled [[A Guided Tour of the VMM Administrator Console]] for details on how to launch this console).
Once the console is running and connected to the appropriate VMM Server, select the ''Administration'' view by clicking on ''Administration'' in the view pane located in the bottom left hand corner of the console window. With this view selected, click on the ''User Roles'' item in the ''Administration'' pane in the top left hand corner. Doing so will display the current list of configured user roles as illustrated in the following figure:
Selecting a role from the list will result in details about that role, including members, appearing in the ''Details'' pane. In the above figure, for example, details of the Administrator Role are displayed.
A new Delegated Administrator role can be created by clicking on the ''New user role'' link located in the lower section of the ''Actions'' pane located on the right side of the console window. This selecting selection will display the ''Create User Role'' wizard as illustrated below:
[[Image:vmm_2008_new_user_role_wizard.jpg|The VMM 2008 New User Role Wizard]]
The initial screen requires a name for the new role, an optional description and the type of role (Delegated Administrator or Self-Service User). For the purposes of this exercise, select ''Delegated Administrator'' and click ''Next'' to proceed. The next screen allows the list of members of the role to be defined (new members may be added and existing members removed after the role has been created by following steps outlined later in this chapter). Click the ''Add...'' button to display the standard Windows Server 2008 ''Select Users, Computers or Groups'' dialog:
[[Image:vmm_select_users.jpg|The Windows Server 2008 Select Users, Computers or Groups]]
Identify the users to be added to the role, separating multiple names with semi-colons and click ''Check Names'' to valid the existence of the users. Click ''OK'' to add the users to the role and click ''Next'' proceed to the ''Select Scope'' screen. On this screen, select the hosts and libraries for which members of the role are to have permission, followed by the ''Next'' button.
Review the ''Summary'' screen and click ''Create'' to create the new User Role.
== Creating a New Self Service User Role ==
VMM 2008 Self-Service User roles may be created by existing members of either the Administrator or Delegated Administrator roles. As with new Delegated Administrator roles, Self-Service User roles are created from the ''Administration'' view of the VMM Administrator Console.
A new Delegated Administrator role can be created by clicking on the ''New user role'' link located in the lower section of the ''Actions'' pane located on the right side of the console window. This selection will display the ''Create User Role'' wizard as illustrated below:
[[Image:vmm_2008_new_user_role_wizard.jpg|The VMM 2008 New User Role Wizard]]
The initial screen requires a name for the new role, an optional description and the type of role (Delegated Administrator or Self-Service User). Select ''Self-Service User'' and click ''Next'' to proceed. The next screen allows the list of members of the role to be defined (new members may be added and existing members removed after the role has been created by following steps outlined later in this chapter). Click the ''Add...'' button to display the Windows Server 2008 ''Select Users, Computers or Groups'' dialog.
Identify the users to be added to the role, separating multiple names with semi-colons and click ''Check Names'' to valid the existence of the users. Click ''OK'' to add the users to the role and click ''Next'' proceed to the ''Select Scope'' screen. On this screen, select the hosts for which members of this new role are to have permission, followed by the ''Next'' button.
The ''Virtual Machine Permissions'' screen shown below controls the actions members of the role are able to perform on virtual machines.
[[Image:vmm_self-service_role_vm_permisions.jpg|Virtual Machine Permissions]]
Deselect any permission that are not be granted to members of the role and click ''Next'' to proceed to the ''Virtual Machine Creation'' settings screen. Self-Service Portal users are only allowed to create new virtual machines if the ''Allow users to create virtual machines'' option on this screen is selected. If selected, users are then only able to create virtual machines from specific templates which are added here. If no templates are specified, users will be unable to create new virtual machines. Detailed information on the creation of virtual machine templates is provided in the [[Creating and Managing VMM 2008 Virtual Machine Templates]] chapter of this book:
[[Image:vmm_self-service_vm_creation.jpg|Configuring VMM Self-Service user virtual machine creation templates]]
The ''Virtual Machine Permissions'' screen also allows a quota point limit to be specified. There is not necessarily a one to one correlation between virtual machines and quota points (although by default VMM does assign one quota point to a virtual machine template). The number of quota points assigned to a virtual machine may be modified in the template by selecting the template from the VMM Administrator Console ''Library'' view, selecting ''Properties'' from the ''Actions'' pane and choosing the ''Settings'' tab.
The number of quota points which should be assigned to a virtual machine created from a template will depend on the hardware resources configured for that template. A template containing a hardware configuration with large memory and CPU resource requirements, for example, is likely to be assigned a higher number of quota points in order limit the number of virtual machine instances that can be created through the Self-Service Portal. Once the specified quota limit is reached for the Self-Service User role, additional virtual machines cannot be created until enough virtual machines belonging to the user role are shut down to free up the number of quota points required by the new virtual machine.
Clicking ''Next'' proceeds to the ''Library Share'' screen where the the library shares to which members of the role are allowed to store virtual machines is displayed. To prevent users from storing virtual machines in a library, deselect the ''Allow users to store virtual machines in a library'' option.
Finally, click ''Next'', review the ''Summary'' screen and click ''Create'' to create the new Self-Service User role.
== Modifying an Existing User Role ==
The configuration of an existing user role may be modified by right clicking on the desired role from the list in the VMM Administrator Console and selecting ''Properties'' from the menu. This will display the ''User Role Properties'' dialog. The dialog consist of a number of different pages which are accessed by clicking on the appropriate tab. The following figure shows the ''VM Permissions'' properties for a Self-Service User role:
[[Image:vmm_self-service_role_properties.jpg|The properties of a VMM 2008 Self-Service user role]]
