
To define how a user can work with resources, each user has a role with a group of privileges that allow access to different cloud features. You can create roles for each group of users such as cloud administrators, resellers, tenant administrators, standard users, and so on.

...

For information about the Abiquo concepts of enterprises and users, see Tenants and users in the Abiquo Walkthrough. 



API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource, RolesResource.



Privileges: Access Roles and Scope screens

...


Privileges: Access Roles and Scope screens, Manage roles, Manage global role

A user can only have one role, but a role can be associated with multiple OpenID, AD, or LDAP groups. To clone a role, click the clone button. By default the new role will have "Copy:" added to its name, for example, "Copy: CLOUD_ADMIN".

To create or modify a role:

  1. Go to Users → Roles

  2. Click the + add button or edit button and complete the following dialog.

...

| Field | Description |
| --- | --- |
| Role name | The name of the role. Local roles in different enterprises can have the same names. |
| Enterprise | The enterprise that a local role belongs to. |
| Make this role global | To create a global role that can be used in all enterprises, mark the Make this role global checkbox. |
| Allowed CIDRs | Optional: to create a default list of network addresses from which users with this role can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a scope. The user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs. |
| External Roles | The corresponding external roles, e.g. LDAP group, for the user. Required in external authentication modes (openid, ldap). A user's external roles must map to a single role (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration. You can also set external scopes. |

  • Examples for LDAP:

    • ldap_group_01

    • ldap_group_02

  • Example for OpenID:

    • id=admins,ou=group,o=qa,ou=services,dc=openam,dc=forgerock,dc=org


After you create or clone a role, select the role name in the list and edit the privileges as required, then click Save.
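
The allowed-CIDR precedence described for the Allowed CIDRs field, as an added example for auditing which source addresses an account can connect from (this is not Abiquo code). It assumes that inherited role and scope lists combine as a union and that an account with no list at any level is unrestricted; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def effective_cidrs(user_cidrs=(), role_cidrs=(), scope_cidrs=()):
    """Return (source, networks) for the CIDR list that governs a user."""
    if user_cidrs:
        # CIDRs set directly on the user have priority over inherited ones.
        source, chosen = "user", list(user_cidrs)
    elif role_cidrs or scope_cidrs:
        # Assumption: inherited role and scope lists combine as a union.
        source, chosen = "inherited", list(role_cidrs) + list(scope_cidrs)
    else:
        # Assumption: the field is optional, so no list means no restriction.
        source, chosen = "unrestricted", []
    # strict=True rejects typos such as 10.0.0.5/24 (host bits set).
    return source, [ipaddress.ip_network(c, strict=True) for c in chosen]


def decide(source_ip, user_cidrs=(), role_cidrs=(), scope_cidrs=()):
    """Return (allowed, source) for an access attempt from source_ip."""
    source, nets = effective_cidrs(user_cidrs, role_cidrs, scope_cidrs)
    if source == "unrestricted":
        return True, source
    addr = ipaddress.ip_address(source_ip)
    # Compare versions first so IPv4 and IPv6 entries can share one list.
    allowed = any(addr.version == n.version and addr in n for n in nets)
    return allowed, source


# Constructed sample values (documentation address ranges, not real data).
ROLE_CIDRS = ["10.20.0.0/16"]
SCOPE_CIDRS = ["192.0.2.0/24", "2001:db8:10::/48"]
USER_CIDRS = ["203.0.113.10/32"]

if __name__ == "__main__":
    cases = [
        ("10.20.5.5", ()),             # inside the role list
        ("2001:db8:10::7", ()),        # inside the scope list
        ("198.51.100.1", ()),          # in neither inherited list
        ("10.20.5.5", USER_CIDRS),     # user list overrides the role list
        ("203.0.113.10", USER_CIDRS),  # matches the user's own entry
    ]
    for ip, user in cases:
        print(ip, decide(ip, user, ROLE_CIDRS, SCOPE_CIDRS))
```

The fourth case is the one to watch in a review: a per-user list replaces the role and scope lists, so an address the role permits is refused for that user, and a broad per-user entry widens access beyond what the role intended.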

Modify the privileges of a role


Privileges table

See Privileges

