| Concept | Description |
|---|
| Scope | A list of resources (enterprises and/or datacenters) for access control |
| User scope | - The list of resources (datacenters and enterprises) that the user can view and manage.
- Works together with the user's privileges and allowed datacenters
- User can deploy in allowed datacenters, even if they are not in their scope
- Administrator can manage users of the enterprises that are in their scope
|
| Resource scope | - The list of enterprises whose users can access the resource, assuming they have the other required permissions
- Administrator selects scopes to share the resource with users of the enterprises listed in the scopes
- Used for VM templates and VApp specs
Administrator - An administrator can select their own scope, and scopes underneath their scope in the scope hierarchy
|
| Scope hierarchyFor | - One or more scopes with a parent scope
- Used for sharing resources to tenants that are underneath the administrator's scope
- Administrators cannot manage enterprises that are not in their scope but they can share VM templates and VApp specs with these users
|
| Global scope | The default scope for the cloud administrator that always includes all resources and cannot be modified |
| Unlimited scopes | - The following scopes are called unlimited scopes
- The global scope
- Any scope with the Use all enterprises checkbox selected, which will include ALL current and future enterprises
- Any scope with the Use all datacenters checkbox selected, which will include ALL current and future datacenters
- An unlimited scope cannot have a parent scope. It must be at the top of a scope hierarchy
- An unlimited scope has new resources added automatically in its unlimited dimensions, so you will not need to modify it to include new elements.
- Only a user with an unlimited scope can create an unlimited scope in the same dimensions as their scope.
|