Versions Compared

Version Old Version 74 New Version 75
Changes made by

MS (Unlicensed)

Lou M (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

For information about the Abiquo concepts of enterprises and users, see Tenants and users in the Abiquo Walkthrough. 

Tip

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource RolesResource.

...

To manage roles, go to Users → Roles. By default, you will see the Global roles that are available to all enterprises and the platform will display them with "(Global)" after the name. To display the enterprise roles that belong to a specific enterprise, select the enterprise.

...

Create or modify a role

Abiquo provides a set of default roles and you can clone and modify them to create new roles. See Default roles. See Privileges for a list of the privileges for each role.

...

Field

Description

Role name

The name of the role. Local roles in different enterprises can have the same names

Enterprise

The enterprise that a local role belongs to

Make this role global

To create a global role that can be used in all enterprises, mark the Make this role global checkbox.

Allowed CIDRs

Optional: to create a default list of network addresses from which users with this role can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a scope. The user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs.

External Roles

The corresponding external roles, e.g. LDAP group, for the user. Required in external authentication modes (openid, ldap). A user's external roles must map to a single role (local or global). See  LDAP and Active Directory Integration  and  Abiquo OpenID Connect Integration. You can also set external scopes.

  • Examples for LDAP:

    • ldap_group_01

    • ldap_group_02

  • Example for OpenID:

    • id=admins,ou=group,o=qa,ou=services,dc=openam,dc=forgerock,dc=org

After you create or clone a role, select the role name in the list and edit the privileges as required, then click Save.

Modify the privileges of a role

To modify the privileges of a user role

...

:

Panel

Privilege: Manage privileges

  1. Go to Users → Roles

  2. For a local role, select the enterprise that the role belongs to

  3. Select the role from the Roles list

  4. In the Privileges pane, select or deselect the privileges 

    • To add or remove groups of privileges, click the All privileges checkbox beside the group name

    • You cannot undo but you can discard the changes

  5. Save the changes by clicking Save

    • (warning) The platform will discard your changes if you do an action outside of the Privileges pane, for example, clicking on a another role name

Note

Troubleshooting and tips

Roles

  • The default CLOUD_ADMIN role has all privileges and is locked

  • You can only access roles with the same privileges or fewer privileges than your own role

  • You cannot modify your own role.

Privileges

  • You can only select or deselect privileges that are in your own role

  • Privileges are generally independent.
    For example, for a user with a role without the "Access Infrastructure view" privilege, the Infrastructure icon does not display in the UI. However, if this user's role has the privileges to "Manage datacenters" and "View datacenter details", the user will be able to access these functions through the API

Privileges table

See Privileges

...