Distinguish VM User Profiles from User Profiles
There is no connection between VM User Profiles and User Profiles. They are fundamentally different and have nothing in common.
VM User Profiles
Virtual Machine (VM) User Profiles are profiles that standardize user management within VM configurations.
Whether you need VM User Profiles depends on the size of your VMs.
If your virtual machine is small, VM user profiles may not be necessary.
For larger virtual machines, user profiles are recommended to establish standardized management, clearly define roles and responsibilities, and ensure proper organization.
In total, there are nine permissions for users and eleven permissions for managers, as shown in the table below.
Permission | Users | Managers | Description |
---|---|---|---|
Users | ✅ | ✅ | List, create, delete and modify users. |
Drives | | ✅ | List, format, mount and unmount drives. |
Files | ✅ | ✅ | View, edit, and delete files and Directories. |
Download | ✅ | ✅ | Transfer files to tiCrypt Vault from VM. |
Upload | ✅ | ✅ | Upload files to VM and create Directories. |
Terminal | ✅ | ✅ | Open terminals through tiCrypt and interact with other users' terminals. |
Apps | ✅ | ✅ | Allows VM application access from user desktop. |
Account Directories | ✅ | ✅ | List (all), create, delete and modify Access Directories. |
Groups | ✅ | ✅ | List (all), create, delete and modify Groups. |
Stats | ✅ | ✅ | View real-time system utilization. |
Full drive access | | ✅ | Owner-like manager permissions. |
- Every user in the VM who is not using a VM user profile will be set to Custom by default.
- Every user who is manually given permissions in the VM will also be set to Custom.
Contrast
You can be a super-admin in the Virtual Machines under VM User Profiles and a standard user in the management under the User Profiles tab, and vice versa.
User Profiles
User Profiles are the standard main system profiles, based on custom permissions set by the admins.
They are used to "stamp" accounts at any time, eliminating the need to configure permissions individually.
For instance, an admin can set up a user profile for newly activated users, which accelerates the onboarding process and reduces the likelihood of permission errors.
You can bulk apply a user profile to multiple users in the main system.
In total, there are one hundred and forty permissions in the tiCrypt user interface, as shown in the table below.
Action | Notes |
---|---|
View | View system settings (overrides for deployment file) |
Edit | Edit (or create) system settings |
Delete | Delete system settings (will default to deployment file) |
View | View all users in the system |
Edit | Edit their own and lower-roled users' metadata |
Edit | Edit lower-roled users' permissions |
Edit | Promote lower-roled users up to own role |
Edit | Demote lower-roled users up to even role |
View | View profiles (role/permission templates) |
Edit | Create and edit profiles |
Delete | Delete profiles |
Edit | Activate lower-roled users |
Edit | Deactivate lower-roled users |
Edit | Require lower-roled users to escrow their key |
Create | Create teams |
Edit | Edit any team in the system arbitrarily |
Delete | Delete any team in the system arbitrarily |
Create | Add users to any team arbitrarily |
View | View system settings (overrides for deployment file) |
Edit | Edit (or create) system settings |
Edit | Modify any team membership arbitrarily |
Delete | Remove users from any team arbitrarily |
Delete | Delete system settings (will default to deployment file) |
View | View all users in the system |
Edit | Escrow own key |
View | Check if own key is escrowed |
View | View all escrowed keys in the system |
View | View directories |
View | List escrow recovery keys |
Delete | Delete escrowed keys |
View | View Escrow groups |
View | View Escrow users |
View | View metadata for own files (necessary to download) |
View | View access/sharing/project history of own files |
Create | Create file metadata |
View | View keys for own files (necessary to download) |
Edit | Share own files |
Edit | Unshare own files |
Edit | Download own files' content |
Create | Upload content to own files |
Delete | Delete own files |
Create | Create directories |
Edit | Edit other members in groups they are a member of |
Delete | Delete directories |
Create | Create entries in directories |
Edit | Rename entries in directories |
Delete | Delete entries in directories |
View | View groups they are a member of |
View | View keys for groups they are a member of |
Create | Create groups |
Edit | Rename own groups and transfer ownership |
Create | Add users to groups they are a member of |
Delete | Remove other users from groups they are a member of |
Delete | Delete groups they are the owner of |
View | View all projects in the system |
Edit | Arbitrarily tag resources with any project |
View | View own inboxes |
Create | Create security requirements |
Create | Create inboxes |
Edit | Edit security requirements |
Delete | Delete inboxes |
Delete | Delete security requirements |
View | View projects they are a member of |
Create | Create security levels |
View | View other members in projects they are a member of |
View | View all security requirements in the system |
View | View all security levels in the system |
Edit | Edit security levels |
Delete | Delete security levels |
Create | Create root-level projects |
Edit | Arbitrarily edit any project |
View | View own security requirement certifications |
Delete | Arbitrarily delete any project |
View | View memberships for every project in the system |
Create | Arbitrarily add users to any project |
Edit | Arbitrarily edit any project membership |
Delete | Arbitrarily remove users from any project |
View | View drives (inconsistent, see notes) |
Edit | Classify resources with projects they are active in |
Edit | Declassify resources tagged with projects they manage |
Create | Create subprojects of projects they manage |
Edit | Edit metadata for projects they manage |
Delete | Delete projects they manage |
Create | Add users to projects they manage |
Edit | Edit memberships in projects they manage |
Delete | Remove users from projects they manage |
View | View all security requirement certifications in the system |
Create | Certify users for security requirements |
Edit | Edit user certifications for security requirements |
Delete | Delete user certifications for security requirements |
View | View own VM configs and configs shared with them |
Create | Create drives |
Edit | Edit drives (name and whether to disable backup) |
View | View drive keys (necessary to share/attach) |
Edit | Share drives |
Edit | Unshare drives |
Edit | Attach drives to VMs |
Edit | Detach drives from VMs |
Delete | Delete drives they own |
View | View hardware/image setups made available to them |
Create | Create (and edit) VM configs |
Create | Spawn VMs from VM configs |
Edit | Stop VMs spawned from VM configs |
View | View own VM username |
View | View anyone's VM username (necessary for sharing VMs) |
Create | Create sub-session for VM->Vault direct transfer |
View | View own VMs and VMs shared with them |
Create | Spawn VMs (without a config) |
Create | Connect to own VMs and VMs shared with them |
Edit | Share VMs with other users |
Edit | Shutdown own VMs |
Delete | Delete arbitrary drives |
View | View storage pools for any Libvirt realm |
View | Lookup individual Libvirt storage pools |
Create | Create Libvirt storage pools |
Edit | Edit Libvirt storage pools |
Delete | Delete Libvirt storage pools |
View | View raw Libvirt volumes (images) |
Edit | Upload raw Libvirt volumes (images) |
View | View all VM images |
Create | Create VM images (from Libvirt volumes) |
Edit | Edit any VM image |
Delete | Delete any VM image |
View | View all hardware/image setups in the system |
Create | Create hardware/image setups |
Edit | Edit hardware/image setups |
Delete | Arbitrarily delete any hardware/image setup |
View | View all VM configs in the system |
Edit | Arbitrarily edit any VM config |
Delete | Arbitrarily delete any VM config |
View | View host machines and hardware information in any Libvirt realm |
Create | Create new hardware profiles (metadata) |
Edit | Edit any hardware profile |
Delete | Delete any hardware profile |
Create | Register physical VM host machines in Libvirt realms |
Edit | Edit VM host machine info in any Libvirt realm |
Delete | Delete VM host machine info in any Libvirt realm |
View | View external servers (under construction) |
Create | Create external servers (under construction) |
Edit | Edit external servers (under construction) |
Delete | Delete external servers (under construction) |
Edit | Modify any user's VM username |
View | Arbitrarily view logs from any VM |
Edit | Transfer ownership of own files and drives |
It is not recommended to manually tamper with permissions. Any changes will affect how users operate the system.
We recommend that any such change be a commonly agreed-upon decision, carefully considered by the research collective before it is made.