
Virtualization service management permissions

To manage virtualization services (VSs), virtual machines (VMs), and VM templates, you must have the action permissions listed in the following table.

If a user does not have a particular action permission (the permission is set to No), the corresponding menu item will not appear in the SA Client Actions menu.

Virtualization action permissions

| Action Permission | Description |
| --- | --- |
| View Virtualization Inventory | Also requires the permission Managed Servers and Groups = Yes. Allows you to view virtualization inventory (across supported technologies) and perform the “Reload Data” operation to view the most up-to-date virtualization information. If this permission is set to No, the Virtualization tab in the SA Client and the Oracle Solaris Zones view are not displayed. |
| Manage VM Lifecycle: Clone VM | Clone virtual machines and perform compatibility checks. “Customize Guest OS” is also required for guest customization. |
| Manage VM Lifecycle: Create VM | Create VMs and perform compatibility checks. When running the OS Build Plan from a Create VM job, the permissions listed for “Run OS Build Plan” in the OS Provisioning permissions required for user actions table are also required. |
| Manage VM Lifecycle: Customize Guest OS | Allows OS guest customization during “Clone VM” or “Deploy VM from VM Template.” |
| Manage VM Lifecycle: Delete VM | Delete VMs. |
| Manage VM Lifecycle: Deploy VM from VM Template | Deploy VMs from VM templates and perform compatibility checks. “Customize Guest OS” is also required for guest customization. |
| Manage VM Lifecycle: Migrate VM | Migrate virtual machines (host only, storage only, or both host and storage) and perform compatibility checks. |
| Manage VM Lifecycle: Modify VM | Modify configuration of VMs. |
| Manage VM Power State | Ability to perform power control operations for VMs (for example, power on, power off, pause, suspend, reset, restart guest, and shutdown guest). |
| Manage VM Templates: Convert VM to VM Template | Convert VMs to VM templates. |
| Manage VM Templates: Delete VM Template | Delete VM templates. |
| Administer Virtualization Services | Register, modify and remove virtualization services. |
| Add Host to Virtualization Service | Add hypervisors to a virtualization service so that they can be managed. |

Virtualization container permissions and server resource permissions

In addition to action permissions, virtualization container permissions are required to perform all virtualization actions. Virtualization container permissions give you access to virtualization containers such as datacenters, hypervisors, host groups, clusters, resource pools, folders, projects, and their children.

The access-control list (ACL) inheritance rule defines what user groups are automatically granted access to any newly added or discovered virtualization containers, based on what ACLs the user group has for the parent container.

Permission options are L (List), READ, WRITE, X (execute), and PM (edit permissions). If you want groups with X or PM to inherit ACLs, set the rule to “X,PM”. The rule is located at: Administration/System Configuration/Server Automation/Web Services Data Access Engine/Twist.v12n.inventory.inheritance.acl.

The PM option, which is the default, is the strictest option and is suited to multi-tenant control. PM requires that a user with Edit permissions (generally a virtualization administrator) manually assign access to other groups. Only user groups that already have PM for the parent of the newly added or discovered container get access.

The List option is the most permissive. If the user group has List permissions for the parent container, the group is automatically added to the new container with the group’s same permissions. For example, Group A has List and Read permissions, and Group B has List, Read, Write, and Execute permissions, for Datacenter 1. A new cluster is added under Datacenter 1. Group A now has List and Read permissions for the new cluster, and Group B has List, Read, Write, and Execute for the new cluster.
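
The inheritance rule described above can be modeled to see which groups would automatically gain access to a newly discovered container under each setting. This is an added example, not SA code: the function names, the "Virtualization Admins" group, and the sample ACLs are constructed, and it assumes a qualifying group receives the same permissions it holds on the parent.

```python
# Added illustration of the ACL inheritance rule; not part of Server Automation.
VALID = {"L", "READ", "WRITE", "X", "PM"}  # options named in the text above


def parse_rule(value):
    """Parse a rule value such as "PM" or "X,PM" into a set of tokens."""
    tokens = {t.strip().upper() for t in value.split(",") if t.strip()}
    unknown = tokens - VALID
    if not tokens or unknown:
        raise ValueError(f"invalid inheritance rule {value!r}: {sorted(unknown)}")
    return tokens


def inherited_acls(rule_value, parent_acls):
    """Return {group: permissions} granted on a new child container.

    Assumption: a group qualifies if it holds at least one permission named
    in the rule on the parent, and it then receives the same set it has there.
    """
    rule = parse_rule(rule_value)
    return {g: set(p) for g, p in parent_acls.items() if rule & set(p)}


def exposure_report(parent_acls, candidates=("PM", "X,PM", "L")):
    """For each candidate rule value, list the groups that gain access automatically."""
    return {v: sorted(inherited_acls(v, parent_acls)) for v in candidates}


# Constructed sample: ACLs on "Datacenter 1", following the Group A / Group B example.
DATACENTER_1 = {
    "Group A": {"L", "READ"},
    "Group B": {"L", "READ", "WRITE", "X"},
    "Virtualization Admins": {"L", "READ", "WRITE", "X", "PM"},  # hypothetical group
}

if __name__ == "__main__":
    # Review how far each setting spreads access before changing the rule.
    for value, groups in exposure_report(DATACENTER_1).items():
        print(f"{value:5} -> {groups}")
```

Running the report against the ACLs of each top-level container shows how many tenant groups a more permissive setting would add to new containers without an administrator's review.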

In addition to action permissions and virtualization container permissions, server resource permissions are required on servers running in a Virtualization Service. Server resource permissions are granted through facilities, customers, and device groups.

For more information about virtualization permissions and server resource permissions, see the "Virtualization management" section in the SA 10.60 Use section.

Where the Virtualization action permissions table lists just the action permissions, the Virtualization Tasks and Required Permissions for vCenter and SCVMM table lists the user tasks you can perform and the complete set of action permissions, virtualization container permissions, server resource permissions, and in some cases folder permissions required to perform each user action.

Virtualization tasks and required permissions

Table 40 lists the permissions required to perform each task on the virtualization inventory. The tasks in this table are used with VMware vCenter and Microsoft SCVMM. For more information on these tasks, see the "Virtualization management" section in the SA 10.60 Use section.

Virtualization Tasks and Required Permissions for vCenter and SCVMM

| User Action | Required Action Permissions | Required Virtualization Container Permissions | Required Server Resource Permissions (Facility, Customer, Device Group) |
| --- | --- | --- | --- |
| View Virtualization tab in SA Client | View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | VS: List<br>And<br>Separate permissions on each container under the VS<br>Datacenter: Read (for access to the underlying datastores)<br>On the parent container of VMs and templates: Read | VS server: Read |
| Add VS | Administer Virtualization Services: Yes<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | None needed. | VS server: Read |
| Edit VS, Remove VS | Administer Virtualization Services: Yes<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | VS: Write | VS server: Read |
| Reload Data for the VS or a container under the VS | View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | VS or container under the VS: Read | None needed |
| Add Host to Virtualization Service | Add Host to Virtualization Service: Yes<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | Container where the hypervisor is being added: Write<br>Or<br>VS container if no container is specified: Write | Server (hypervisor) being added: Read |
| VM Power Controls - Start, Stop, Reset, Restart Guest, Shutdown Guest, Suspend, and Pause VM | View Virtualization Inventory: Yes<br>Manage VM Power State: Yes<br>Managed Servers and Groups: Yes | Container where the VM resides: Read | |
| Create VM | View Virtualization Inventory: Yes<br>Manage VM Lifecycle: Create VM: Yes<br>Managed Servers and Groups: Yes<br>Allow Execute OS Build Plan: Yes, if specifying an OSBP.<br>Manage Package: Read, for non-PXE Create VM with OSBP. | Destination container (hypervisor, cluster, or resource pool) where the VM will reside: Write<br>Folder in the vCenter VS inventory where the VM will reside: Write | Server.write for the newly created VM<br>Note - Execute permission is also required on the SA Library folder containing the selected OS Build Plan.<br>For non-PXE Create VM with OSBP: Read on the Opsware/Tools/OS Provisioning/WinPE folder (Windows)<br>Read on the Opsware/Tools/OS Provisioning folder (Linux). |
| Modify VM | View Virtualization Inventory: Yes<br>Manage VM Lifecycle: Modify VM: Yes<br>Managed Servers and Groups: Yes | Container where the VM resides: Write<br>And<br>Hypervisor container the VM is on (vCenter only): List | VM server: Write |
| Migrate VM | View Virtualization Inventory: Yes<br>Manage VM Lifecycle: Migrate VM: Yes<br>Managed Servers and Groups: Yes | Container where the VM resides: Write<br>Additional:<br>To migrate storage - Hypervisor: List<br>To migrate host or host and storage - destination container (hypervisor, cluster, or resource pool) where the VM will reside: Write | VM server: Read |
| Clone VM (vCenter only) | View Virtualization Inventory: Yes<br>Manage VM Lifecycle: Clone VM: Yes<br>Managed Servers and Groups: Yes | Container where the VM resides: Read<br>Destination container (hypervisor, cluster, or resource pool) where the new VM will reside: Write<br>Folder in the vCenter VS inventory where the new VM will reside: Write | Source VM server: Read<br>New VM server: Write |
| Customize Guest OS - When performed as part of a Clone VM operation or a Deploy VM from VM Template operation | Same as Clone VM when performed as part of a clone VM operation.<br>Same as Deploy VM from VM Template when performed as part of a deploy VM operation.<br>Manage VM Lifecycle: Customize Guest OS: Yes<br>Allow Execute OS Build Plan: Yes | Same as Clone VM when performed as part of a clone VM operation.<br>Same as Deploy VM from VM Template when performed as part of a deploy VM operation. | Same as Clone VM when performed as part of a clone VM operation.<br>Same as Deploy VM from VM Template when performed as part of a deploy VM operation.<br>For Linux customization, Execute on the Opsware/Tools/Build Plans/Virtualization/Guest Customization/Linux folder.<br>For Windows customization, Execute on the Opsware/Tools/Build Plans/Virtualization/Guest Customization/Windows folder. |
| Delete VM | View Virtualization Inventory: Yes<br>Manage VM Lifecycle: Delete VM: Yes<br>Managed Servers and Groups: Yes | Container where the VM resides: Write | VM server: Write |
| Deploy VM from VM Template | View Virtualization Inventory: Yes<br>Manage VM Lifecycle: Deploy VM from VM Template: Yes<br>Managed Servers and Groups: Yes | Container where the VM template resides: Execute<br>Destination container (hypervisor, cluster, or resource pool) where the new VM will reside: Write<br>Folder in the vCenter VS inventory where the new VM will reside: Write | VM template server: Read<br>New VM server: Write |
| Convert VM to VM Template | View Virtualization Inventory: Yes<br>Manage VM Templates: Convert VM to VM Template: Yes<br>Managed Servers and Groups: Yes | Container where the VM resides: Write<br>VM Templates folder in SCVMM Library: Write | VM server: Read |
| Delete VM Template | View Virtualization Inventory: Yes<br>Manage VM Templates: Delete VM Template: Yes<br>Managed Servers and Groups: Yes | Container where the VM template resides: Write | VM server: Write |
| Merge Servers | View Virtualization Inventory: Yes (in order to merge a Virtualization server with another server)<br>Merge Servers: Yes<br>Managed Servers and Groups: Yes | Container where the VM or Template resides: Write<br>or<br>Hypervisor: Write | Server.write for both servers to merge |

Solaris virtualization permissions

The following table lists the permissions required for managing Oracle Solaris Zones. For more information, see the "Virtualization Management" section in the SA 10.60 Use section.

Solaris virtualization permissions

| User Action | Required Action Permissions | Required Server Resource Permissions (Facility, Customer, Device Group) |
| --- | --- | --- |
| Create Zone | Manage VM Lifecycle: Create VM<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | Hypervisor server: Read<br>Customer the new VM is assigned to: Write |
| Reload Data | View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | Hypervisor server: Read<br>VM server: Read |
| Modify | Manage VM Lifecycle: Modify VM<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | Hypervisor server: Read<br>VM server: Write |
| Remove | Manage VM Lifecycle: Delete VM<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | Hypervisor server: Read<br>VM server: Read |
| Start, Stop | Manage VM Power State: Yes<br>View Virtualization Inventory: Yes<br>Managed Servers and Groups: Yes | Hypervisor server: Read<br>VM server: Write |