...
An Abiquo scope is a list of resources (enterprises and/or datacenters) for access control.
A "user scope" or an "administration scope" defines is the list of resources (datacenters and enterprises) that a user can view and manage. A . This is also called an "administration scope". This scope works together with the user's privileges and allowed datacenters, which define how they can use resources. So this means that an administrator can deploy VMs in any of the datacenters that the usertheir enterprise's enterprise is allowed to use (Edit Enterprise, Allowed Datacenters)allowed datacenters, even if the user's scope administrator does not include themhave the datacenters in scope.
A "resource scope" defines is a list of enterprises whose users can access a the resource, assuming they have the other required permissions. Examples of resources that can have scopes are a VM template or a VApp spec. An administrator can share resources by selecting scopes for the resource, which can be their own scope and child scopes of their scope in a hierarchyFor example, administrators select scopes for VM templates and Virtual Appliance Spec blueprints. The administrator selects scopes to share the resources with the users of the enterprises within the scopes. They can select their own scope, and if there is a scope hierarchy, they can select the scopes underneath their scope.
A scope hierarchy is for sharing resources to tenants that are below an administrator's own scope. Administrators can only manage users in tenants of their own scope. But they can share VM templates and VApp specs with tenants in scopes below their scope.
The following screenshot shows a scope called NationalBRegCandD with three enterprises, and a child scope.
The Global scope is the default scope for the cloud administrator that contains all elements and it cannot be modified. If you display the default scope, the resource columns are empty because it always includes all resources, so no resources are displayed.
An unlimited scope is any one of the following The following scopes are called unlimited scopes:
- The global scope
- Any scope with the Use the Use all enterprises enterprises checkbox selected, which will include ALL current and future enterprises
- Any scope with the Use the Use all datacenters checkbox datacenters checkbox selected, which will include ALL current and future datacenters
An unlimited scope is always at the top of the scope hierarchy, which means it cannot have a parent scope. An unlimited scope has new resources added automatically, so you will not need to modify it to include new elements. To create an unlimited scope for enterprises and/or datacenters, your user must have the appropriate unlimited scope.You can create a scope hierarchy for sharing resources to tenants that are below an administrator's own scope in a hierarchy. So administrators can share VM templates and VApp specs with tenants in child scopes of their scope, but administrators manage only the tenants within their own Only a user with an unlimited scope can create an unlimited scope in the same dimensions as their scope.
Scope use cases
A global managed service provider could create a scope for country or region. For example, in Spain, with datacenters in Madrid, Barcelona, Valencia and Seville.
...
Click the add button to create a new scope.
- Enter the scope name
- To create a
...
- limited scope
- If it is within a scope hierarchy, select the parent scope
- Select enterprises and datacenters to include in the scope
- OR To create an unlimited scope
...
- , with all enterprises and/or datacenters, mark the appropriate
...
- checkbox(es).
- Use all enterprises
...
- will automatically include all current enterprises
...
- and add all new enterprises
- Use all datacenters
...
- will automatically include all current datacenters
...
- and add all new datacenters
...
Screenshot: an unlimited enterprises and datacenters scope.
...