...
An Abiquo scope is a list of resources (enterprises and/or datacenters) for access control. You can add an enterprise or a datacenter to multiple scopes. You can assign one scope to a user and multiple scopes to a resource. Any one scope can be assigned to both a user and a resource. When a scope is assigned to a user, it is called a
A "user scope" or an "administration scope" . A user scope defines the list of resources (datacenters and enterprises) that a user can view and manage, in conjunction with their . A scope works together with the user's privileges and allowed datacenters. In contrast, the privileges assigned to a user's role , which define how the user they can work with resources, for example, as a user or administratoruse resources. So this means that an administrator can deploy virtual machines VMs in any of the datacenters that the user's enterprise is allowed to use (Edit Enterprise, Allowed Datacenters), even if the user's Administration Scope scope does not include these datacentersthem.
When a scope is assigned to a resource, it is called a A "resource scope" . A resource scope is used to share a resource. The users of the enterprises listed in the scopes can access the defines a list of enterprises whose users can access a resource, assuming they have the other required permissions. Examples of resources that can have scopes are a VM template or a VApp spec. An administrator can share resources by selecting a scopescopes for the resource, which can be their own scope and child scopes that are beneath of their scope in a hierarchy, for example.
The following screenshot shows a scope called NationalBRegCandD with three enterprises, and a child scope.
...