Share via


How to Create a Self-Service User Role

Applies To: Virtual Machine Manager 2008, Virtual Machine Manager 2008 R2, Virtual Machine Manager 2008 R2 SP1

The self-service user role grants users permissions to create, operate, manage, store, create checkpoints for, and connect to their own virtual machines through the Virtual Machine Manager Self-Service Portal.

Note

For more information about creating and managing self-service user roles, see Role-Based Security in VMM (https://go.microsoft.com/fwlink/?LinkID=145061).

To create a self-service user role

  1. In the VMM Administrator Console, in User Roles view, click New User Role in the Actions pane.

  2. Complete the New User Role Wizard.

Wizard Page Action

General

Type a User role name and Description, then select Self Service User in the Profile list.

Add Members

Click Add and then type the names of the users or groups you want to add to this role.

Select Scope

Select the host groups on which users will deploy their virtual machines.

Virtual Machine Permissions

Select the actions that you want to allow the members of this group to perform on virtual machines. You can select All actions, or grant a set of actions by selecting one or more of the following:

  • Start

  • Stop

  • Pause and resume

  • Checkpoint—Allows the user to create and remove checkpoints, and to restore their virtual machines to a previous checkpoint. For more information, see About Checkpoints (https://go.microsoft.com/fwlink/?LinkID=162783).

  • Remove—Allows the user to remove virtual machines, deleting the configuration files.

  • Local Administrator—Allows the user to set the local administrator password when creating a virtual machine so that the user has administrator rights and permissions on the virtual machine.

  • Remote connection—Allows the user to remotely control the virtual machine.

  • Shut down

Virtual Machine Creation Settings

You can allow the members of the self-service user group to create virtual machines, assign virtual machine templates for the self-service users to use, and optionally set a virtual machine quota to limit the number of virtual machines the users can deploy at one time.

If you select Allow users to create new virtual machines, you must specify a template that users will use to create their virtual machines. To add templates:

  1. Click Add.

    The Select a Template dialog box displays the templates that are available in the Virtual Machine Manager library.

  2. To add a template, select the template and click OK.

    For information about creating templates, see Working with Virtual Machine Templates (https://go.microsoft.com/fwlink/?LinkID=163002).

To set a virtual machine quota:

  1. Select Set quota for deployed virtual machines.

  2. In Maximum quota points allowed for this user role, specify how many quota points the users in this role will be allowed. This will allow each user in this user role to create virtual machines until they have reached this quota. To limit the user role as a group to the maximum quota points, select the Share quota across user role members check box. This will allow the group to create virtual machines until the group has reached the quota, regardless of how many points each individual has deployed.

    The virtual machine template determines the number of quota points assigned to each virtual machine that is created from it.

Library Settings

You can grant members of the self-service user group access to a library share. If you allow the self-service users to store their virtual machines on a library share, the stored virtual machines do not count against any virtual machine quota that you set when allowing self-service users to create a virtual machine.

The virtual machines are stored on the path that you specify on an existing library share. The self-service users do not know the physical location of their stored virtual machines. For information about adding library servers and shares, see Adding File-Based Resources to the Library (https://go.microsoft.com/fwlink/?LinkId=162788).

If you select Allow users to store virtual machines in a library, you need to specify where to store the virtual machines. Additionally, you can allow users to attach ISO images to their virtual machines by selecting a Library path that contains ISO images.

  1. Select the library server and share from the Select the library server and library share that will store users’ virtual machines and available ISOs list.

  2. To specify a path for the virtual machines on the selected library server, click Browse by the Library path field, and then navigate to the folder where you want to store the virtual machines. To allow users to attach ISO images to their virtual machines, select the folder containing the ISO images the users should have access to.

    The Select Destination Folder dialog box shows only folders within designated library shares. For information about adding shares to a library server, see How to Add Library Shares (https://go.microsoft.com/fwlink/?LinkId=162801).

Summary

Review the User Role settings. To change settings, click Previous. To create the User Role, click Create.

Note

Use the View Script button to display the Windows PowerShell - Virtual Machine Manager cmdlets that will perform the operation. All administrative tasks in Virtual Machine Manager can be performed at the command line or scripted.

See Also

Concepts

Managing User Roles
How to Create a Delegated Administrator User Role

Other Resources

Role-Based Security in VMM
About the VMM Self-Service Portal
Hardening VMM Self-Service Web Servers