I still remember some of my first questions when working with an early test version of Hyper-V (previously known under a wide variety of different names). OK, I admit that it wasn’t all that long ago. One of my main questions was related to managing permissions for virtual machines. After all, not every user (or administrator) should have full permissions on each VM. Well, Hyper-V does provide flexible and manageable methods for setting up roles and permissions.
My recently SearchServerVirtualization.com article, Managing Hyper-V’s Security Permissions, describes the details. From the introduction:
The burdens of managing security permissions are rarely seen as exciting, but they’re an essential duty to which we systems administrators are sworn to carry out. In this tip, I’ll talk about how you can configure and manage permissions for your Hyper-V host servers.
We all rely on a variety of different security methods to ensure that only authorized users can access data center resources. Specific components of overall security range from physical access limitations to network authentication and permissions management. Virtualization brings with it some new requirements, namely the ability to specify which types of actions users can take on host systems.
It’s certainly possible for administrators to manage virtual machines when they don’t have access to the guest OSes themselves. The ability to granularly define authorization rules is essential for production servers. Fortunately, Hyper-V provides methods for defining and maintaining these permissions. But, as you’ll soon see, it’s not an entirely intuitive approach.
The article provides details, steps, and screenshots that help describe the use of the powerful (but unfortunately nick-named) AzMan.