
Distinguish VM User Profiles from User Profiles

Info: VM User Profiles and User Profiles are not connected. They are fundamentally different from each other and have nothing in common.

VM User Profiles

Virtual Machine (VM) User Profiles standardize user management for VM configurations.

Whether you need VM User Profiles may depend on the size of your VMs.

If your virtual machine is small, VM user profiles may not be necessary.

Tip: For larger virtual machines, user profiles are recommended to establish standardized management, clearly define roles and responsibilities, and ensure proper organization.

In total, there are nine permissions for users and eleven permissions for managers, as shown in the table below.

| Permission | Users | Managers | Description |
| --- | --- | --- | --- |
| Users | | | List, create, delete and modify users. |
| Drives | | | List, format, mount and unmount drives. |
| Files | | | View, edit, and delete files and Directories. |
| Download | | | Transfer files to tiCrypt Vault from VM. |
| Upload | | | Upload files to VM and create Directories. |
| Terminal | | | Open terminals through tiCrypt and interact with other users' terminals. |
| Apps | | | Allows VM application access from user desktop. |
| Account Directories | | | List (all), create, delete and modify Access Directories. |
| Groups | | | List (all), create, delete and modify Groups. |
| Stats | | | View real-time system utilization. |
| Full drive access | | | Owner-like manager permissions. |
Note:
  • Every user in the VM who is not using a VM user profile will be set to Custom by default.
  • Every user who is manually given permissions in the VM will also be set to Custom.
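
One way to audit for the Custom state described in the note above, as an added example (not tiCrypt code): it compares each VM user's permissions with profile definitions and reports how Custom users differ from the nearest profile. The profile names, their contents and the user export are constructed, and treating an exact permission match as "using a profile" is an assumption.

```python
# Added example: flags VM users whose permissions match no VM user profile.
# Profile contents and the user export are constructed; tiCrypt's real
# export format and profile definitions may differ.

# The eleven VM permissions named in the table above.
VM_PERMISSIONS = frozenset({
    "Users", "Drives", "Files", "Download", "Upload", "Terminal", "Apps",
    "Account Directories", "Groups", "Stats", "Full drive access",
})

# Hypothetical profiles: the page does not list which permissions each gets.
PROFILES = {
    "analyst": frozenset({"Files", "Upload", "Terminal", "Apps", "Stats"}),
    "vm-manager": VM_PERMISSIONS,
}


def classify(granted):
    """Return (label, extra, missing) for one user's permission list."""
    granted = frozenset(granted)
    unknown = granted - VM_PERMISSIONS
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    for name, perms in PROFILES.items():
        if granted == perms:
            return name, frozenset(), frozenset()
    # No exact match: report drift against the profile with the fewest
    # differing permissions (ties broken by profile name).
    nearest = min(PROFILES, key=lambda n: (len(PROFILES[n] ^ granted), n))
    return "Custom", granted - PROFILES[nearest], PROFILES[nearest] - granted


def audit(vm_users):
    """Map each VM username to its (label, extra, missing) classification."""
    return {user: classify(perms) for user, perms in vm_users.items()}


# Constructed sample: bob was given one extra permission by hand.
SAMPLE_VM_USERS = {
    "alice": ["Files", "Upload", "Terminal", "Apps", "Stats"],
    "bob": ["Files", "Upload", "Terminal", "Apps", "Stats", "Full drive access"],
    "carol": sorted(VM_PERMISSIONS),
}

if __name__ == "__main__":
    for user, (label, extra, missing) in audit(SAMPLE_VM_USERS).items():
        print(f"{user:6} {label:10} extra={sorted(extra)} missing={sorted(missing)}")
```
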
Info (Contrast): You can be a super-admin in Virtual Machines under VM User Profiles and a standard user in the management under the User Profiles tab, and vice versa.

User Profiles

User Profiles are the standard main system profiles that are based on custom permissions set by the admins.

They are used to "stamp" accounts at any time, eliminating the need to configure permissions individually.

For instance, an admin can set up a user profile for the newly activated users, which accelerates the onboarding process and reduces the likelihood of errors with permissions.

Note: You can bulk apply a user profile to multiple users in the main system.

In total, there are one hundred and forty permissions in the tiCrypt user interface, as shown in the table below.

| Action | Notes |
| --- | --- |
| View | View system settings (overrides for deployment file) |
| Edit | Edit (or create) system settings |
| Delete | Delete system settings (will default to deployment file) |
| View | View all users in the system |
| Edit | Edit their own and lower-roled users' metadata |
| Edit | Edit lower-roled users' permissions |
| Edit | Promote lower-roled users up to own role |
| Edit | Demote lower-roled users up to even role |
| View | View profiles (role/permission templates) |
| Edit | Create and edit profiles |
| Delete | Delete profiles |
| Edit | Activate lower-roled users |
| Edit | Deactivate lower-roled users |
| Edit | Require lower-roled users to escrow their key |
| Create | Create teams |
| Edit | Edit any team in the system arbitrarily |
| Delete | Delete any team in the system arbitrarily |
| Create | Add users to any team arbitrarily |
| View | View system settings (overrides for deployment file) |
| Edit | Edit (or create) system settings |
| Edit | Modify any team membership arbitrarily |
| Delete | Remove users from any team arbitrarily |
| Delete | Delete system settings (will default to deployment file) |
| View | View all users in the system |
| Edit | Escrow own key |
| View | Check if own key is escrowed |
| View | View all escrowed keys in the system |
| View | View directories |
| View | List escrow recovery keys |
| Delete | Delete escrowed keys |
| View | View Escrow groups |
| View | View Escrow users |
| View | View metadata for own files (necessary to download) |
| View | View access/sharing/project history of own files |
| Create | Create file metadata |
| View | View keys for own files (necessary to download) |
| Edit | Share own files |
| Edit | Unshare own files |
| Edit | Download own files' content |
| Create | Upload content to own files |
| Delete | Delete own files |
| Create | Create directories |
| Edit | Edit other members in groups they are a member of |
| Delete | Delete directories |
| Create | Create entries in directories |
| Edit | Rename entries in directories |
| Delete | Delete entries in directories |
| View | View groups they are a member of |
| View | View keys for groups they are a member of |
| Create | Create groups |
| Edit | Rename own groups and transfer ownership |
| Create | Add users to groups they are a member of |
| Delete | Remove other users from groups they are a member of |
| Delete | Delete groups they are the owner of |
| View | View all projects in the system |
| Edit | Arbitrarily tag resources with any project |
| View | View own inboxes |
| Create | Create security requirements |
| Create | Create inboxes |
| Edit | Edit security requirements |
| Delete | Delete inboxes |
| Delete | Delete security requirements |
| View | View projects they are a member of |
| Create | Create security levels |
| View | View other members in projects they are a member of |
| View | View all security requirements in the system |
| View | View all security levels in the system |
| Edit | Edit security levels |
| Delete | Delete security levels |
| Create | Create root-level projects |
| Edit | Arbitrarily edit any project |
| View | View own security requirement certifications |
| Delete | Arbitrarily delete any project |
| View | View memberships for every project in the system |
| Create | Arbitrarily add users to any project |
| Edit | Arbitrarily edit any project membership |
| Delete | Arbitrarily remove users from any project |
| View | View drives (inconsistent, see notes) |
| Edit | Classify resources with projects they are active in |
| Edit | Declassify resources tagged with projects they manage |
| Create | Create subprojects of projects they manage |
| Edit | Edit metadata for projects they manage |
| Delete | Delete projects they manage |
| Create | Add users to projects they manage |
| Edit | Edit memberships in projects they manage |
| Delete | Remove users from projects they manage |
| View | View all security requirement certifications in the system |
| Create | Certify users for security requirements |
| Edit | Edit user certifications for security requirements |
| Delete | Delete user certifications for security requirements |
| View | View own VM configs and configs shared with them |
| Create | Create drives |
| Edit | Edit drives (name and whether to disable backup) |
| View | View drive keys (necessary to share/attach) |
| Edit | Share drives |
| Edit | Unshare drives |
| Edit | Attach drives to VMs |
| Edit | Detach drives from VMs |
| Delete | Delete drives they own |
| View | View hardware/image setups made available to them |
| Create | Create (and edit) VM configs |
| Create | Spawn VMs from VM configs |
| Edit | Stop VMs spawned from VM configs |
| View | View own VM username |
| View | View anyone's VM username (necessary for sharing VMs) |
| Create | Create sub-session for VM->Vault direct transfer |
| View | View own VMs and VMs shared with them |
| Create | Spawn VMs (without a config) |
| Create | Connect to own VMs and VMs shared with them |
| Edit | Share VMs with other users |
| Edit | Shutdown own VMs |
| Delete | Delete arbitrary drives |
| View | View storage pools for any Libvirt realm |
| View | Lookup individual Libvirt storage pools |
| Create | Create Libvirt storage pools |
| Edit | Edit Libvirt storage pools |
| Delete | Delete Libvirt storage pools |
| View | View raw Libvirt volumes (images) |
| Edit | Upload raw Libvirt volumes (images) |
| View | View all VM images |
| Create | Create VM images (from Libvirt volumes) |
| Edit | Edit any VM image |
| Delete | Delete any VM image |
| View | View all hardware/image setups in the system |
| Create | Create hardware/image setups |
| Edit | Edit hardware/image setups |
| Delete | Arbitrarily delete any hardware/image setup |
| View | View all VM configs in the system |
| Edit | Arbitrarily edit any VM config |
| Delete | Arbitrarily delete any VM config |
| View | View host machines and hardware information in any Libvirt realm |
| Create | Create new hardware profiles (metadata) |
| Edit | Edit any hardware profile |
| Delete | Delete any hardware profile |
| Create | Register physical VM host machines in Libvirt realms |
| Edit | Edit VM host machine info in any Libvirt realm |
| Delete | Delete VM host machine info in any Libvirt realm |
| View | View external servers (under construction) |
| Create | Create external servers (under construction) |
| Edit | Edit external servers (under construction) |
| Delete | Delete external servers (under construction) |
| Edit | Modify any user's VM username |
| View | Arbitrarily view logs from any VM |
| Edit | Transfer ownership of own files and drives |
Caution: It is not recommended to manually tamper with permissions. Any changes will affect how users operate the system.

Tip: We recommend that the research collective reach a commonly agreed-upon, carefully considered decision before performing this action.