| Concept | Description |
|
|---|
| Scope | A list of resources (enterprises and/or datacenters) for access control |
|
| User scope | - The list of resources (datacenters and enterprises) that the user can view and manage.
- Works together with the user's privileges and allowed datacenters
| - User can deploy in allowed datacenters, even if they are not in their scope
- Administrator can manage users of the enterprises that are in their scope
|
| Resource scope | - The list of enterprises whose users can access the resource, assuming they have the other required permissions
- An Administrator selects scopes to share the resource with users of the enterprises listed in the scopes
|
- Used for VM templates and VApp specs
- An administrator can select their own scope, and scopes underneath their scope in the scope hierarchy
|
| Scope hierarchy | - A parent scope and one or more child scopes
- Used for sharing resources to tenants that are underneath the administrator's scope
| - Administrators cannot manage enterprises that are not in their own scope but they
- Administrators can share VM templates and VApp specs with users in scopes beneath their own scope
|
| Global scope | The default scope for the cloud administrator that always includes all resources and cannot be modified |
|
| Unlimited scopes | - The following scopes are called unlimited scopesThe global scope
- Any A scope with the Use all enterprises checkbox selected - includes ALL current and future enterprises
- Any A scope with the Use all datacenters checkbox selected - includes ALL current and future datacenters
| - An unlimited scope cannot have a parent scope. It must be at the top of a scope hierarchy
- An unlimited scope has new resources added automatically in its unlimited dimensions, so you will not need to modify it to include new elements.
- Only a user with an unlimited scope can create an unlimited scope in the same dimensions as their scope.
|