Authorization in Parallels Agent is based on the concept of security roles. A security role is identified by its unique name and contains a list of Agent tasks that it is allowed to perform. An administrator would first create a security role granting the desired Agent access rights to it. An administrator would then create a role assignment. Role assignment is a logical grouping of users belonging to the same security role. Role assignment has a property called scope. A scope is the logical area of a Virtuozzo system where this role assignment is allowed to operate. Scope examples include the entire Hardware Node together with Virtuozzo Containers hosted by it, a particular Virtuozzo Container, or a group of Containers.
For example, you can create a security role that can start, stop, and restart a Virtuozzo Container. You can then create a user (or multiple users) and add them to that role. At the same time, you create a scope containing a list of some existing Virtuozzo Containers and select it to be the scope of that role assignment. As a result, your user(s) will be allowed to start, stop, and restart the Containers specified in the scope. They will not be allowed to perform any other operations, and they will not have access to other Containers that may exist on the same host.