Versions Compared

Version Old Version 14 New Version 15
Changes made by

MS (Unlicensed)

MS (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

The platform has two main ways of controlling user access: through roles with privileges, and through scopes (for administration and resources). This document assumes you have a basic understanding of Abiquo roles and scopes. See Manage Roles and Manage Scopes.

Generally Generally, we recommend that you create a tenant admin role for your specific environment based on the default ENTERPRISE_ADMIN role, and then add scope and additional privileges for reseller administrators.

...


...


Create a reseller tenant and scope

A reseller admin will have an administration a user scope that includes the Abiquo enterprises (tenants) that they will manage, which are their customers.

...

  1. Create a scope for your reseller, and select the list of tenants that the reseller will administer and the datacenters that they can work with.
  2. Edit the reseller enterprise and do the following:
    1. Assign the reseller scope as the defaultDefault scope for the enterprise 
    2. Select the Reseller flag, which means that the enterprise will be the reseller for its default scope

The platform will mark the Reseller with (R) in the Enterprise list.

...


...


Create a reseller administrator role

...

A reseller admin role can have a range of privileges depending on how you will manage resellers and cloud users on the platform. So how the reseller will "manage its customers" will vary, depending on the privileges.

Before you create a reseller admin, we recommend that you first extend the standard ENTERPRISE_ADMIN role to create a basic tenant admin role to cover all features for your platform. For example, if your tenant admins should be able to manage hard disks, add this privilege, and so on.

Base reseller privileges

The base privileges for standard reseller admins are these Home view privileges:

...

The reseller admin stays in the enterprise they have switched to until they switch to another. The enterprise does not change when the user logs out and logs in again

Basic reseller privileges

If you wish to maintain a separate administrator account for each tenant, the administrator can log in with a separate user to each tenant that they will administer. In this case, you do not need to add the List enterprises within scope or the Allow user to switch enterprise privilege. We only recommend this option for resellers with a small number of tenants! 

Users view privileges

The users view privileges determine how the administrator can manage their customers and cloud users.

...

Note that although the privilege is called "Manage users of all enterprises", the administrator can only manage the enterprises listed in their scope.

Note that each enterprise must have a default scope, which the platform will assign to all new users in the enterprise. Note that administrators can change the scope. However, administrators who can manage scopes can also assign the enterprise scope to users, even if it is higher than or completely different to their own scope! However, if you are using data aggregation for resellers or key nodes, you must use the enterprise default scope to define the top level scope for the reseller or key node, so it would not be convenient to change it for administrator security.

Shared resource management

...

If the reseller's tenants are part of a scope hierarchy and your reseller does not need to manage their users or enterprises, then you can remove them from your reseller's scope. If you wish to allow your reseller to manage their own scope hierarchy, assign the Manage scopes privilege. This means that the reseller can add their tenants to a scope hierarchy beneath their own scopeNote that each enterprise must have a default scope and you should check that this scope is appropriate (for the enterprise and users) and use the lowest possible scope for the enterprise, because administrators can assign the enterprise scope to users, even if it is higher than or completely different to their own scope!

Reseller Pricing

With the platform's pricing system, you can assign prices to your reseller customers using a pricing model, which has a list of resource prices. Generally, you would enable resellers to view their own pricing model and to create new pricing models for their own customers, based on the prices that you will charge them.

...