The ability to view and manage objects within a Provisioning Services implementation is determined by the administrative role assigned to a group of users. Provisioning Services makes use of groups that already exist within the network (Windows or Active Directory Groups).
All members within a group share the same administrative privileges within a farm. An administrator may have multiple roles if they belong to more than one group.
Groups are managed at the farm level through the Console’s Farm Properties dialog.
The following roles exist within a Provisioning Services farm:
- Farm Administrator – Farm administrators can view and manage all objects within a farm. Farm administrators can also create new sites and manage role memberships throughout the entire farm.
- Site Administrator – Site administrators have full management access to the all objects within a site. For example, a site administrator can manage Provisioning Servers, site properties, target devices, device collections, vDisks, vDisk pools, and local vDisk stores. A site administrator can also manage device administrator and device operator memberships.
- Device Administrator – Device administrators can perform all device-collection management tasks on collections to which they have privileges, including view vDisk properties (read-only), assign or remove vDisks from a device, boot or shut down target devices, edit device properties, and send messages to target devices within a device collection to which they have privileges.
- Device Operator – Device operators can view target device properties (read-only), boot or shut down target devices, and send messages to target devices within a device collection to which they have privileges.