John Howard has a 3-post series on his blog that explains the Hyper-V authorization model and shows you how to achieve delegated VM administration with AzMan (Authorization Manager), the engine and toolset you use in Hyper-V for making role-based access checks and defining authorization policy.
If the Authorization Manager Team Blog had some amusing image of a super-hero (cue v.o. “AZZZ-MANNNN!”), I’d use it here, for grins. They don’t. Instead, they share lots of good info about Hyper-V auth for Role Based Access Control (RBAC).
- Explaining the Hyper-V authorization model, part one
- Explaining the Hyper-V authorization model, part two
- Explaining the Hyper-V authorization model, part three
NOTE: If you manage your Hyper-V environment with SCVMM, see the SCVMM documentation about authorization, because SCVMM replaces the default Hyper-V authorization store. See this post for the upshot.
For more info see:
- Hyper-V Security Guide
- Planning for Hyper-V Security
- How To: Use Authorization Manager (AzMan) with ASP.NET 2.0
- Getting Started with AzMan C9 Video
- Configure Hyper-V for Role-based Access Control
- Authorization Manager Terminology
- Example Authorization Manager Tasks and Operations
- Hyper-V How To: Script AzMan Scopes for RBAC