App Layering


This article discusses user accounts, roles, and rights.

Built-in administrator account

When you first install the appliance and log onto the management console, there is a built-in Administrator account that you can use to get started. This Administrator has the rights to perform all App Layering operations. You can edit this user’s properties, including the name, password, and contact info. Be sure to change the password for this built-in Administrator account as part of installing and configuring the appliance.

AD user accounts

Other than the built-in Administrator account, all users are actually AD users imported via one or more directory junctions. Once your directory junction(s) have been created, you can assign Roles to each user, as described later in this topic. You can see which roles are assigned to a user in the User Details.

App Layering roles defined

Roles determine which App Layering modules a user can manage. Users assigned one or more roles can log into the management console, and their accounts are listed on the Administrators tab (select the Users module, and then the Users subtab).


When upgrading from version 4.0.6 or earlier, users assigned the Machine Administrator Role in earlier releases will now be assigned the Read Only role. If the user needs more than read-only access, reconfigure the user's roles as needed.

Rights by role

The following list describes each right and its associated role.


Administrator

  • Can do every operation available in the management console.
  • Only users assigned the Administrator Role can edit user properties on the Users tab (select Users > Users).
  • Only administrators can configure system settings and manage licenses.

Manage App Layers

  • Can create, edit, and delete application layers and versions.

Manage Elastic Layer Assignments

  • Can add, update, and remove Elastic layer assignments.

Manage Image Templates

  • Can create, edit, and delete image templates.
  • Can add, update, and remove app layer assignments for image templates.
  • Can update platform layer assignments for image templates.
  • Can update OS layer assignments for image templates.

Manage OS Layers

  • Can create, edit, and delete OS layers and versions.

Manage Platform Layers

  • Can create, edit, and delete Platform layers and versions.

Publish Layered Images

  • Can publish layered images.
  • Cannot create or modify existing image templates.

Read Only

  • Can view information about any items in the management console.
  • Cannot launch any wizards or make any changes.
  • The Read Only user cannot cancel any tasks.


  • Has no rights. Non-administrators can only cancel tasks that they themselves create. They cannot cancel tasks from other users with the same permissions.

User credentials for logging into the management console

When you assign Roles to Directory Service users, they can use their Directory Service credentials to log into the management console.

Who can assign App Layering roles?

You can change a user’s role if you are logged into the management console as a user assigned the Administrator role.

Assign roles to users

  1. Log into the management console.

  2. Select Users > Users.

  3. Select a user and click Edit Properties. This opens the Edit User wizard.

  4. Skip to the Roles tab, and select one or more roles for this user. For details, see Rights by Role above.

  5. In the Confirm and Complete tab, click Update User. Any comments you enter will appear in the Information view Audit History.