Subscription Permissions in Plesk
Setting permissions on a Hosting Plan allows a non-privileged user to make administrative-level changes that only affect a single subscription at a time. This can include various hosting features such as SSL support, Perl or Python language support, and the ability to install software from the Application Catalog. You can choose to allow as much or as little as you like. If you are planning to resell your web hosting, you may want to make some of the more advanced features into add-on packages. Even if you are planning to host only one website, though, you should still make sure as few features are enabled as are needed to run your site, to reduce any security risks.
DNS zone management
This setting allows a user to manage the DNS zones that are on their account. Most web hosts consider this to be a basic feature, so it should be turned on unless you have a truly compelling reason to turn it off.
Hosting settings management
It is possible to allow your users to make any changes to their hosting settings (the Hosting Parameters and PHP Settings tabs described later) if their web application needs it. However, this can potentially cause problems with security if you are not careful. If you are only allowing application installs through the Application Catalog, you do not usually need to enable this setting, but for anything remotely custom it will need to be turned on. In any case, this is another option that should be enabled in order to provide what most other web hosts can offer. We will manage the security implications later.
Common PHP settings management
Some web applications require specific settings in
php.ini in order to function correctly - and those may not be options you would want to have set in the global configuration. As with several other settings, this should be enabled for basic web hosting.
Setup of potentially insecure web scripting options that override provider's policy
Needless to say, it's best to follow the recommendation in this item's description and disable this setting. This will help to manage most of the security problems that can be encountered from enabling "Hosting settings management" above. You should have little to no reason to enable this feature, and if you find one it should be strongly questioned why there isn't a better way.
Management of access to the server of SSH
You can choose to allow users to log in via SSH to your server. This may or may not be desirable to you, depending on how familiar you are with the server's command line. It's generally safe to allow access to a chrooted environment for logins, though, and it will make it easier for some advanced users to manage their files. A chrooted shell is one that only allows access to a portion of the filesystem by setting the "root" of the filesystem within a directory, such as the user's web account. For the purposes of this tutorial, choose to allow access only to a chrooted environment.
Some web software either suggests or requires the ability to set up a Scheduled Task (called a "cron job" in Linux terminology) in order to function. Like DNS zone management, this is considered a basic function by many web hosts, though you will need to be careful that users don't set up tasks that cause trouble for your server. For now, enable this item.
Data backup and restoration using the server repository
When a user makes a backup of their account, you can choose to allow the backup to remain in your server's backup repository. These backups do not count against the user's disk space quota, so you may want to secretly double the size of their account in your head when you decide to enable this option. Backups in your repository help both you and your client if a site needs to be restored because it's usually a few clicks away from being done. However, if you are short on disk space or if you think you might need the space it would take up, you can disable this option. We will leave it enabled for now.
Data backup and restoration using a personal FTP repository
If you have turned off the ability to store backups to the server's repository, you should at least turn this option on so customers can have a backup sent to an FTP account. The backups only last as long as it takes to transfer them via FTP, so they will usually take up much less space at a time than storing them in the repository. If you are the only person using this server, you may also be able to turn this option off as well and choose to make server-wide backups instead. As with its sister option, we will leave this one enabled for now.
Web statistics management
Plesk currently uses either AWStats or Webalizer (not both) for website statistics on a domain. You can choose to only allow a specific statistics processor (more on that later), but most users will expect to be able to choose the one they want. You should ensure this box is checked.
Log rotation management
Like backups, logs do not count toward the disk space usage on an account. Because of this, and because for security purposes a user should not change how logging works on their domain, you should disable this option. If you find that logs for a domain are rotating too frequently for a user, you should find out why and change this only as necessary.
Access to application catalog
The Application Catalog is a repository of web applications that either you or your users can install on a domain. If you have a reason to severely limit what may be installed in an account, you may want to turn this off. However, Application Catalog installations tend to be much easier to manage, work with Plesk's backup system, and do some minor integration with the Panel, so you should consider leaving this turned on.
Next: Advanced Subscription Permissions
Introduction to Plesk Administration