...
In Abiquo v4.0 the users who can administer shared resources have changed. The first criterion is that the user has access to the shared resource. The criteria are as follows:
- User enterprise is listed in the
...
- resource scope
- Feature privileges (e.g. Manage VM templates in the Apps library)
- Allow user to switch enterprises privilege (effectively manage shared resources)
- Full datacenter access (Allowed datacenter and User Datacenter scope)
- For virtual appliance specs, users must be logged in to the spec enterprise
The key privilege for managing shared resources is the Allow user to switch enterprises privilege. All administrators that can manage a shared resource can manage that resource fully, e.g. edit, share, delete. The only difference between users with a higher or lower scope is the number of scopes they can select from. If a user with a lower scope modifies scopes, this will not affect any higher scopes that are assigned to the template.
- owner enterprise
An administrator with sharing permissions and unlimited scope can manage all scopes. An administrator with a limited scope can assign the following scopes:
- Own scope
- Child scopes beneath their scope in the hierarchy
- Enterprise default scope
For example, by default, tenant administrators do not have the Allow user to switch enterprises privilege. This means that they can only work with local resources in their own enterprise, and Abiquo will not display the Scopes tab when they edit a template or spec.
...
An administrator with scope privileges and the “Allow user to switch enterprises” privilege can create a hierarchy by assigning a parent scope to any scope except an unlimited scope. An unlimited scope is the Global scope or a Use all enterprises or Use all datacenters scope.
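The scope rules above (which scopes a limited administrator can select, why an edit by a lower scope leaves higher scopes in place, and why an unlimited scope cannot be given a parent) modeled as an added Python example. It is not Abiquo code or its API: the class names, function names and sample scopes are assumptions, and "child scopes" is assumed to cover every level beneath the user's scope.

```python
# Illustrative model; class and function names are assumptions, not Abiquo's API.
from dataclasses import dataclass, field

@dataclass(eq=False)                      # identity equality so scopes can live in sets
class Scope:
    name: str
    unlimited: bool = False               # Global, Use all enterprises, Use all datacenters
    children: list = field(default_factory=list)

@dataclass(eq=False)
class Admin:
    scope: Scope
    enterprise_default: Scope
    can_manage_scopes: bool = True        # stands in for the scope privileges
    can_switch_enterprises: bool = False  # "Allow user to switch enterprises"

def set_parent(admin, scope, parent):
    """Build the hierarchy; an unlimited scope can never be given a parent."""
    if not (admin.can_manage_scopes and admin.can_switch_enterprises):
        raise PermissionError("scope privileges and switch-enterprises privilege required")
    if scope.unlimited:
        raise ValueError(f"{scope.name} is unlimited and cannot have a parent scope")
    parent.children.append(scope)

def descendants(scope):
    """All scopes beneath `scope` (assumption: 'child scopes' covers every level)."""
    return [d for c in scope.children for d in (c, *descendants(c))]

def assignable(admin, all_scopes):
    """Scopes the administrator can select from when sharing a resource."""
    if not admin.can_switch_enterprises:
        return set()                      # no Scopes tab: local resources only
    if admin.scope.unlimited:
        return set(all_scopes)
    return {admin.scope, admin.enterprise_default, *descendants(admin.scope)}

def update_scopes(admin, current, selected, all_scopes):
    """Apply a selection without touching scopes outside the admin's reach."""
    reach = assignable(admin, all_scopes)
    if not set(selected) <= reach:
        raise PermissionError("selection contains a scope this user cannot assign")
    return (set(current) - reach) | set(selected)

# Constructed sample hierarchy: EMEA > EMEA-UK, plus an unrelated APAC scope.
global_scope, emea, emea_uk = Scope("Global", unlimited=True), Scope("EMEA"), Scope("EMEA-UK")
apac, ent_default = Scope("APAC"), Scope("Enterprise default")
ALL = [global_scope, emea, emea_uk, apac, ent_default]
root = Admin(global_scope, ent_default, can_switch_enterprises=True)
set_parent(root, emea_uk, emea)
emea_admin = Admin(emea, ent_default, can_switch_enterprises=True)
```

Calling `update_scopes(emea_admin, {global_scope, emea_uk}, {emea}, ALL)` replaces EMEA-UK with EMEA and leaves the Global scope assigned, because Global is outside the EMEA administrator's selectable set.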
...