Appendix A: Example Authorization Manager Tasks and Operations

Applies To: Windows Server 2008

You can use the example tasks and operations listed here to help create role definitions. Role definitions, combined with scopes and role assignments, help you provide security for your virtualization environment using role-based access control. For more information about role-based access control in Hyper-V, see the following topics in this guide:

Note

You must be a member of the Administrators group on the local computer to modify the default Authorization Manager policy (an XML file) to create role definitions and assignments.

Example tasks and operations

You cannot create or change operations. You can create tasks and role definitions that include different groups of operations to allow a user within that role to perform the task. Some tasks require a complex group of operations. Suggested task names that describe what the tasks do are listed in alphabetical order. The operations required are listed underneath each task name.

Add external network to server

  • Bind to External Ethernet Port

  • Create Internal Ethernet port

  • Connect Virtual Machine

  • Create Virtual Switch

  • Create Virtual Switch Port

  • View External Ethernet Ports

  • View Internal Ethernet Ports

  • View LAN Endpoints

  • View Switch Ports

  • View Switches

  • View Virtual Switch Management Service

  • View VLAN Settings

Add internal network to server

  • Create Internal Ethernet Port

  • Create Virtual Switch

  • Connect Virtual Switch Port

  • Create Virtual Switch Port

  • View Internal Ethernet Ports

  • View LAN Endpoints

  • View Switch Ports

  • View Switches

  • View Virtual Switch Management Service

  • View VLAN Settings

Add private network

  • Connect Virtual Switch Port

  • Create Virtual Switch

  • View Switch Ports

  • View Switches

  • View Virtual Switch Management Service

Apply a snapshot

  • Allow Output from Virtual Machine

  • Pause and Restart Virtual Machine

  • Read Service Configuration

  • Reconfigure Virtual Machine

  • Start Virtual Machine

  • Stop Virtual Machine

  • View Virtual Machine Configuration

Attach internal network adapter to virtual machine

  • Read Service Configuration

  • View Virtual Switch Management Service

  • Connect Virtual Switch Port

  • View Internal Ethernet Ports

  • View LAN Endpoints

  • View Switch Ports

  • View Switches

  • View Virtual Machine Configuration

  • View VLAN Settings

  • Allow Output from Virtual Machine

  • Reconfigure Virtual Machine

  • Create Virtual Switch Port

  • Change VLAN Configuration on Port

Connect to a virtual machine

  • Allow Output from Virtual Machine

  • Allow Input to Virtual Machine

  • Read Service Configuration

Create a virtual floppy disk or virtual hard disk

  • Read Service Configuration

Create a virtual machine

  • Allow Output from a Virtual Machine

  • Change Virtual Machine Authorization Scope

  • Create Virtual Machine

  • Read Service Configuration

  • Optional: Connect Virtual Switch Port

Note

If you do not need this virtual machine connected to a network, you can leave this out. If you want to connect your virtual machine to a network, add this operation.

Delete a private network

  • Delete Virtual Switch

  • View Switch Ports

  • View Switches

  • View Virtual Switch Management Service

Delete a snapshot

  • Read Service Configuration

  • Delete Virtual Machine

Delete a virtual machine

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Delete Virtual Machine

Export virtual machine

  • Read Service Configuration

  • Allow Output from Virtual Machine

Import virtual machine

  • Allow Output from a Virtual Machine

  • Create Virtual Machine

  • Change Virtual Machine Authorization Scope

  • Read Service Configuration

  • View Virtual Machine Configuration

Modify virtual machine settings (reconfigure a virtual machine)

  • Allow Output from a Virtual Machine

  • Read Service Configuration

  • Reconfigure Virtual Machine

  • View Virtual Machine Configuration

Pass CTRL + ALT + DELETE (send control signals to a virtual machine)

  • Allow Input to a Virtual Machine

  • Allow Output from a Virtual Machine

  • Read Service Configuration

Pause a virtual machine

  • Allow Output from Virtual Machine

  • Pause and Restart Virtual Machine

  • Read Service Configuration

Remove external network from server

  • Delete Virtual Switch

  • Delete Virtual Switch Port

  • Delete Internal Ethernet port

  • Disconnect Virtual Switch Port

  • Unbind External Ethernet Port

  • View Virtual Switch Management Service

  • View External Ethernet Ports

  • View Internal Ethernet Ports

  • View LAN Endpoints

  • View Switch Ports

  • View Switches

  • View VLAN Settings

Remove internal network adapter from a virtual machine

  • Allow Output from Virtual Machine

  • Create Virtual Switch Ports

  • Change VLAN Configuration on Port

  • Disconnect Virtual Switch Port

  • Reconfigure Service

  • Reconfigure Virtual Machine

  • Read Service Configuration

  • View Internal Ethernet Ports

  • View LAN Endpoints

  • View Switch Ports

  • View Switches

  • View Virtual Machine Configuration

  • View Virtual Switch Management Service

  • View VLAN Settings

Remove internal network from server

  • Delete Virtual Switch

  • Delete Virtual Switch Ports

  • Delete Internal Ethernet Ports

  • Disconnect Virtual Switch Ports

  • View Internal Ethernet Ports

  • View LAN Endpoints

  • View Switch Ports

  • View Switches

  • View VLAN Settings

  • View Virtual Switch Management Service

Remove private network from server

  • Delete Virtual Switch

  • View Switch Ports

  • View Switches

  • View Virtual Switch Management Service

Rename a snapshot

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Reconfigure Virtual Machine

  • View Virtual Machine Configuration

Rename a virtual machine

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Reconfigure Virtual Machine

  • View Virtual Machine Configuration

Resume a virtual machine

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Pause and Restart a Virtual Machine

Save a virtual machine and start a virtual machine

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Stop Virtual Machine

  • Start Virtual Machine

Start a virtual machine

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Start Virtual Machine

Turn off a virtual machine

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Stop Virtual Machine

View Hyper-V server settings

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • Reconfigure Service

  • View Virtual Machine Configuration

View network management

  • View Switch Ports

  • View Switches

  • View Virtual Switch Management Service

View virtual machines

  • Allow Output from Virtual Machine

  • Read Service Configuration

  • View Virtual Machine Configuration