| Table of Contents |
|---|
| Div | ||
|---|---|---|
| ||
| Excerpt | |||||
|---|---|---|---|---|---|
|
...
An Abiquo scope is a list of resources (enterprises and/or datacenters) for access control.
A "user scope" is the list of resources (datacenters and enterprises) that a user can view and manage. This is also called an "administration scope". This scope works together with the user's privileges and allowed datacenters, which define how they can use resources. So this means that an administrator can deploy VMs in their enterprise's allowed datacenters, even if the administrator does datacenters are not have the datacenters in in the administrator's scope.
A "resource scope" is a list of enterprises whose users can access the resource, assuming they have the other required permissions. For example, administrators select scopes for VM templates and Virtual Appliance Spec blueprints. The administrator selects scopes to share the resources with the users of the enterprises within the scopes. They can select their own scope, and if there is a scope hierarchy, they can select the scopes underneath their scope.
A "scope hierarchy" is for sharing resources to tenants that are below an administrator's own scope. Administrators can only manage users in tenants of their own scope. But they can share VM templates and VApp specs with tenants in scopes below their scope.
The following screenshot shows a scope called NationalBRegCandD with three enterprises, and a child scope.
The Global scope is the default scope for the cloud administrator that contains all elements and it cannot be modified. If you display the default scope, the resource columns are empty because it always includes all resources, so no resources are displayed.
The following scopes are called unlimited scopes:
- The global scope
- Any scope with the Use the Use all enterprises enterprises checkbox selected, which will include ALL current and future enterprises
- Any scope with the Use the Use all datacenters checkbox datacenters checkbox selected, which will include ALL current and future datacenters
...
- User scope for datacenters: An administrator for Spain would have access to all these datacenters, but the administrator for Eastern Spain would only have access to Barcelona and Valencia, which are on the east coast.
- User scopes for enterprises: The administrator for Spain may have scope for Spain that only includes the top-level Spanish national organization to manage its users and resources.
- Scope hierarchy: The administrator for Spain could also have a scope hierarchy beneath the Spain scope that includes the scopes for Eastern Spain and Central and Southern Spain and then their customers at a lower level. The administrator for Spain can only manage the users of the Spanish national organization but they can share templates and Vapp specs with tenants in the scopes at all levels of the hierarchy.
...
| Expand | ||
|---|---|---|
| ||
|
Managing Scopes
...
- To create a limited scope
- If it is within a scope hierarchy, select the parent scope
- Select enterprises and datacenters to include in the scope
- OR To create an unlimited scope , with all for enterprises and/ or datacenters, mark the appropriate checkbox(es).
- Use all enterprises will automatically include all current enterprises and add all new enterprises
- Use all datacenters will automatically include all current datacenters and add all new datacenters
Screenshot: an unlimited enterprises and datacenters scope.
...
Delete a scope
...