CloudShell User Permission Levels (RBAC)

This article lists the different actions each user type can perform in CloudShell. In the tables below, supported actions are indicated in green (v) while unsupported actions are red (x).

For more information about group roles and access levels, see Managing CloudShell Groups.

Note: In the tables below, "View Only access" indicates the permissible actions for users who are members of a group that is defined as View Only in the domain. For more information, see Associating groups with a domain.

Blueprints

The following table shows which actions are available for each CloudShell user type in a blueprint.

The permissible actions in a blueprint for users other than the blueprint owner are determined by a combination of the user type, group's role (regular, domain, external), and the group's access level (whether the group is defined as View Only in the current domain).

Note: For brevity, the "Edit" action indicates the user type can create, edit and delete the element.

* indicates that the action is available to the blueprint owner

** indicates that the option can be hidden from non-admin users with the BlockPackageExportForNonAdmins key

*** If the <add key="OnlyAllowNewEnvironmentsFromTemplates" value="true"/> key is defined on the server, users can only create blueprints from a template but not from scratch (empty blueprints). However, if there are no templates assigned to the domain, users of that domain cannot create new blueprints. For details, see The + Create Blueprint Link is Missing From the Blueprint Catalog.

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External | Extended external |
|---|---|---|---|---|---|---|
| View the list of blueprints | v | v | v | v | v | v |
| View the blueprint diagram | v | v | v | v | v | v |
| Create blueprints | v *** | v *** | v *** | v *** | x | x |
| Edit blueprints | v | v | x * | x * | x | x |
| Reserve blueprints | v | v | v | x | x | v |
| Export blueprint packages | v | v | v ** | v ** | x | x |

Sandboxes

The permissible actions in a sandbox are determined by a combination of the user type, group's role (regular, domain, external), and the group's access level (whether the group is defined as View Only in the current domain), and the current sandbox status.

Permissible actions according to user type

The following table shows which actions are available for each CloudShell user type in a sandbox (applies to sandbox consumers that are neither Owner nor Permitted User in the sandbox). Note that sandboxes of other users in the domain can be hidden from regular users using the ShowOtherUserInDomainReservations key.

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External user |
|---|---|---|---|---|---|
| View the list of sandboxes | v | v | v | v | x |
| View the sandbox diagram | v | v | x | x | x |
| Edit the sandbox (form) | v | v | x | x | x |
| Extend the sandbox | v | v | x | x | x |
| End the sandbox | v | v | x | x | x |
| Delete the sandbox | v | v | x | x | x |
| Terminate the sandbox | v | v | x | x | x |
| Execute commands | v | v | x | x | x |
| Interact with the sandbox during setup | v | v | x | x | x |
| Launch applications | v | v | x | x | x |
| Save sandbox as blueprint | v | v | x | x | x |
| Save the sandbox | v | v | x | x | x |

Permissible actions for Owner/Permitted User

The following table shows which actions are available for the sandbox's owner or permitted users (users that were added by the sandbox owner to the sandbox as Permitted Users).

| Sandbox actions | Owner | Permitted - regular | Permitted - view only | Permitted - external | Permitted - extended external |
|---|---|---|---|---|---|
| View the list of sandboxes | v | v | v | v | v |
| View the sandbox diagram | v | v | v | v | v |
| Edit the sandbox (form) | v | v | x | x | v |
| Extend the sandbox | v | v | x | x | v |
| End the sandbox | v | v | x | x | v |
| Delete the sandbox | v | x | x | x | x |
| Terminate the sandbox | v | x | x | x | x |
| Execute commands | v | v | x | v | v |
| Interact with the sandbox during setup | v | v | x | x | v |
| Launch applications | v | v | x | v | v |
| Save sandbox as blueprint | v | v | x | x | x |
| Save the sandbox | v | v | x | x | v |

Permissible actions according to sandbox status

The following table shows the available actions in a sandbox for each sandbox status.

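| Action | Pending | Setup | Active | Teardown | Completed | Overtime | Saving |
|---|---|---|---|---|---|---|---|
| View the list of sandboxes | v | v | v | v | v | v | v |
| View the sandbox diagram | v | v | v | v | v | v | v |
| Edit the sandbox (form) | v | v | v | x | x | v | v |
| Extend the sandbox | v | v | v | x | x | v | v |
| End the sandbox | x | v | v | x | x | v | v |
| Delete the sandbox | v | x | x | x | v | x | x |
| Terminate the sandbox | x | x | x | v | x | v | x |
| Execute commands | x | x | v | x | x | v | x |
| Interact with the sandbox during setup | x | v | v | x | x | x | x |
| Launch applications | x | x | v | v | x | v | x |
| Save the sandbox | x | x | v | x | x | x | x |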
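
The following added example (not part of the CloudShell documentation or product code) encodes the three sandbox tables above and checks constructed events against them, for instance when reviewing whether group assignments match least privilege. It assumes an action needs a v in both the user's column and the sandbox-status column, a rule the page does not spell out; the column keys, function names and sample events are hypothetical.

```python
# Added example: combine the sandbox tables on this page into one decision.
# Assumption (not stated on the page): an action needs "v" in BOTH the user's
# column and the sandbox-status column. All names below are hypothetical.
ACTIONS = ["view_list", "view_diagram", "edit_form", "extend", "end", "delete",
           "terminate", "execute_commands", "interact_during_setup",
           "launch_apps", "save_as_blueprint", "save"]

# One mark per entry of ACTIONS, read column by column from the page's tables.
USER = {  # first five: consumers that are neither Owner nor Permitted User
    "sysadmin": "vvvvvvvvvvvv", "domain_admin": "vvvvvvvvvvvv",
    "regular": "vxxxxxxxxxxx", "view_only": "vxxxxxxxxxxx",
    "external": "xxxxxxxxxxxx",
    # Owner / Permitted User table
    "owner": "vvvvvvvvvvvv", "permitted_regular": "vvvvvxxvvvvv",
    "permitted_view_only": "vvxxxxxxxxxx", "permitted_external": "vvxxxxxvxvxx",
    "permitted_extended_external": "vvvvvxxvvvxv",
}
# "?" marks "Save sandbox as blueprint", which has no row in the status table.
STATUS = {
    "Pending": "vvvvxvxxxx?x", "Setup": "vvvvvxxxvx?x", "Active": "vvvvvxxvvv?v",
    "Teardown": "vvxxxxvxxv?x", "Completed": "vvxxxvxxxx?x",
    "Overtime": "vvvvvxvvxv?x", "Saving": "vvvvvxxxxx?x",
}

def decide(user_column, status, action):
    """Return 'allow', 'deny', or 'unspecified' for one sandbox action."""
    i = ACTIONS.index(action)          # ValueError on an unknown action
    user_mark, status_mark = USER[user_column][i], STATUS[status][i]
    if "x" in (user_mark, status_mark):
        return "deny"
    return "allow" if status_mark == "v" else "unspecified"

def audit(events):
    """Return (event, verdict) for events the tables do not clearly allow."""
    return [(e, decide(*e[1:])) for e in events if decide(*e[1:]) != "allow"]

# Constructed sample events: (user, user_column, sandbox_status, action)
EVENTS = [
    ("alice", "owner", "Active", "execute_commands"),
    ("bob", "permitted_external", "Active", "extend"),
    ("carol", "owner", "Active", "delete"),
    ("dave", "permitted_regular", "Active", "save_as_blueprint"),
]

if __name__ == "__main__":
    for event, verdict in audit(EVENTS):
        print(verdict, event)
```

The "unspecified" verdict covers the one action the status table does not list, so a reviewer can see where the page itself leaves the outcome open.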

Saved Sandboxes

The following table shows which actions are available for each CloudShell user type in a saved sandbox.

| Action | System admin | Domain admin | Regular user | View-only access | External user | Extended external user |
|---|---|---|---|---|---|---|
| Restore a saved sandbox | v | v | v | x | x | v |
| Delete a saved sandbox | v | v | v | x | x | v |
| View my saved sandboxes | v | v | v | x | x | v |
| View list of all saved sandboxes | v | v | x | x | x | x |

Job Scheduling dashboard

The following table shows which actions are available for each CloudShell user type in the Job Scheduling dashboard. Note that admins can allow regular users to edit and create suite templates using the AllowRegularUsersToEditSnQ key.

Note: For brevity, the "Edit" action indicates the user type can create, edit and delete the element.

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External/extended user |
|---|---|---|---|---|---|
| Edit suite template | v | v | x | x | x |
| Customize suite template | v | v | v | x | x |
| View execution reports | v | v | v | x | x |
| Run suite template execution | v | v | v | x | x |
| Extend suite template execution | v | v | v | x | x |
| Stop suite template execution | v | v | v | x | x |
| AdHoc suite | v | v | v | x | x |

Inventory dashboard

The following table shows which actions are available for each CloudShell user type in the Inventory dashboard.

Note: For brevity, the "Edit" action indicates the user type can create, edit and delete the element.

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External/extended user |
|---|---|---|---|---|---|
| View resources | v | v | v | v | x |
| Edit resources | v | v | x | x | x |
| Reserve resources | v | v | v | x | x |
| Search within resources | v | v | v | v | x |
| View abstract resource templates | v | v | v | v | x |
| Edit abstract resource templates | v | v | x | x | x |
| View services | v | v | v | v | x |

Insight dashboard

If Sisense is configured to work with SSO from CloudShell, the first time a CloudShell user (any user role) logs in to Insight, a user is created in Sisense with Viewer permissions (CloudShell user must have an email). For designer or admin privileges, customize the user’s role in Sisense or contact Quali Support.

For information about Sisense user permissions, see Sisense Documentation.

Manage dashboard

The following table shows which actions are available for each CloudShell user type in the Manage dashboard. This only applies to system administrators and domain administrators as other user types cannot access this dashboard. Note that system admins can allow domain admins to manage drivers using the HideDriversTabInManage key.

Note: For brevity, the "Edit" action indicates the user type can both view and edit the element.

** indicates that the user type can only access the element in their own domain.

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External/extended user |
|---|---|---|---|---|---|
| Edit Apps | v | v ** | x | x | x |
| Edit Categories | v | x | x | x | x |
| Edit Shells (See Shells below) | v | x | x | x | x |
| View Licensing | v | x | x | x | x |
| Edit Domains | v | v ** | x | x | x |
| Edit Execution Servers | v | x | x | x | x |
| Edit JavaScript Extension |  | x | x | x | x |
| Edit Blueprint Templates | v | v | x | x | x |
| Edit Scripts | v | v ** | x | x | x |
| Edit Drivers | v | v ** | x | x | x |

Shells

The following tables show which Shell management actions are available for each CloudShell user type.

1st Gen Shells

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External/extended user |
|---|---|---|---|---|---|
| Import | v | v | v | v | x |
| Modify (Resource Manager Client) | v | v | x | x | x |

2nd Gen Shells

| Action | System Administrator user | Domain administrator user | Regular user | View-only access | External/extended user |
|---|---|---|---|---|---|
| Import | v | x | x | x | x |
| Add custom attributes | v | x | x | x | x |
| Upgrade | v | x | x | x | x |
| Download from CloudShell | v | x | x | x | x |
| Delete | v | x | x | x | x |