Skip to main content
Version: 2024.1

CloudShell User Permission Levels (RBAC)

This article lists the different actions each user type can perform in CloudShell. In the tables below, supported actions are indicated in green while unsupported actions are red.

For more information about group roles and access levels, see Managing CloudShell Groups.

note

In the tables below, "View Only access" indicates the permissible actions for users who are members of a group that is defined as View Only in the domain. For more information, see Associating groups with a domain.

Blueprints

The following table shows which actions are available for each CloudShell user type in a blueprint.

The permissible actions in a blueprint for users other than the blueprint owner are determined by a combination of the user type, group's role (regular, domain, external), and the group's access level (whether the group is defined as View Only in the current domain).

note

For brevity, the "Edit" action indicates the user type can create, edit and delete the element.

* indicates that the action is available to the blueprint owner

** indicates that the option can be hidden from non-admin users with the BlockPackageExportForNonAdmins key

*** If the <add key="OnlyAllowNewEnvironmentsFromTemplates" value="true"/> key is defined on the server , users can only create blueprints from a template but not from scratch (empty blueprints). However, if there are no templates assigned to the domain, users of that domain cannot create new blueprints. For details, see The + Create Blueprint Link is Missing From the Blueprint Catalog.

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternalExtended external
View the list of blueprintsvvvvvv
View the blueprint diagramvvvvvv
Create blueprintsv ***v ***v ***v ***xx
Edit blueprintsvvx *x *xx
Reserve blueprintsvvvxxv
Export blueprint packagesvvv **v **xx

Sandboxes

The permissible actions in a sandbox are determined by a combination of the user type, group's role (regular, domain, external), and the group's access level (whether the group is defined as View Only in the current domain), and the current sandbox status.

Permissible actions according to user type

The following table shows which actions are available for each CloudShell user type in a sandbox (applies to sandbox consumers that are neither Owner nor Permitted User in the sandbox). Note that sandboxes of other users in the domain can be hidden from regular users using the ShowOtherUserInDomainReservations key.

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternal user
View the list of sandboxesvvvvx
View the sandbox diagramvvxxx
Edit the sandbox (form)vvxxx
Extend the sandboxvvxxx
End the sandboxvvxxx
Delete the sandboxvvxxx
Terminate the sandboxvvxxx
Execute commandsvvxxx
Interact with the sandbox during setupvvxxx
Launch applicationsvvxxx
Save sandbox as blueprintvvxxx
Save the sandboxvvxxx

Permissible actions for Owner/Permitted User

The following table shows which actions are available for the sandbox's owner or permitted users (users that were added by the sandbox owner to the sandbox as Permitted Users).

Sandbox actionsOwnerPermitted - regularPermitted - view onlyPermitted - externalPermitted - extended external
View the list of sandboxesvvvvv
View the sandbox diagramvvvvv
Edit the sandbox (form)vvxxv
Extend the sandboxvvxxv
End the sandboxvvxxv
Delete the sandboxvxxxx
Terminate the sandboxvxxxx
Execute commandsvvxvv
Interact with the sandbox during setupvvxxv
Launch applicationsvvxvv
Save sandbox as blueprintvvxxx
Save the sandboxvvxxv

Permissible actions according to sandbox status

The following table shows the available actions in a sandbox for each sandbox status.

ActionPendingSetupActiveTeardownCompletedOvertimeSaving
View the list of sandboxesvvvvvvv
View the sandbox diagramvvvvvvv
Edit the sandbox (form)vvvxxvv
Extend the sandboxvvvxxvv
End the sandboxxvvxxvv
Delete the sandboxvxxxvxx
Terminate the sandboxxxxvxvx
Execute commandsxxvxxvx
Interact with the sandbox during setupxvvxxxx
Launch applicationsxxvvxvx
Save the sandboxxxvxxxx

Saved Sandboxes

The following table shows which actions are available for each CloudShell user type in a saved sandbox.

ActionSystem adminDomain adminRegular userView-only accessExternal userExtended external user
Restore a saved sandboxvvvxxv
Delete a saved sandboxvvvxxv
View my saved sandboxesvvvxxv
View list of all saved sandboxesvvxxxx

Job Scheduling dashboard

The following table shows which actions are available for each CloudShell user type in the Job Scheduling dashboard. Note that admins can allow regular users to edit and create suite templates using the AllowRegularUsersToEditSnQ key.

note

For brevity, the "Edit" action indicates the user type can create, edit and delete the element.

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternal/extended user
Edit suite templatevvxxx
Customize suite templatevvvxx
View execution reportsvvvxx
Run suite template executionvvvxx
Extend suite template executionvvvxx
Stop suite template executionvvvxx
AdHoc suitevvvxx

Inventory dashboard

The following table shows which actions are available for each CloudShell user type in the Inventory dashboard.

note

For brevity, the "Edit" action indicates the user type can create, edit and delete the element.

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternal/extended user
View resourcesvvvvx
Edit resourcesvvxxx
Reserve resourcesvvvxx
Search within resourcesvvvvx
View abstract resource templatesvvvvx
Edit abstract resource templatesvvxxx
View servicesvvvvx

Insight dashboard

If Sisense is configured to work with SSO from CloudShell, the first time a CloudShell user (any user role) logs in to Insight, a user is created in Sisense with Viewer permissions (CloudShell user must have an email). For designer or admin privileges, customize the user’s role in Sisense or contact Quali Support.

For information about Sisense user permissions, see Sisense Documentation.

Manage dashboard

The following table shows which actions are available for each CloudShell user type in the Manage dashboard. This only applies to system administrators and domain administrators as other user types cannot access this dashboard. Note that system admins can allow domain admins to manage drivers using the HideDriversTabInManage key.

note

For brevity, the "Edit" action indicates the user type can both view and edit the element.

** indicates that the user type can only access the element in their own domain.

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternal/extended user
Edit Appsvv **xxx
Edit Categoriesvxxxx
Edit Shells (See Shells below)vxxxx
View Licensingvxxxx
Edit Domainsvv **xxx
Edit Execution Serversvxxxx
Edit JavaScript Extensionvxxxx
Edit Blueprint Templatesvvxxx
Edit Scriptsvv **xxx
Edit Driversvv **xxx

Shells

The following tables show which Shell management actions are available for each CloudShell user type.

1st Gen Shells

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternal/extended user
Importvvvvx
Modify (Resource Manager Client)vvxxx

2nd Gen Shells

ActionSystem Administrator userDomain administrator userRegular userView-only accessExternal/extended user
Importvxxxx
Add custom attributesvxxxx
Upgradevxxxx
Download from CloudShellvxxxx
Deletevxxxx