...

You can also control access to features and resources in the platform with privileges and allowed locations.

Display scopes

To display scopes, go to Users → Scopes.

By default, the display and filter of scopes in a scope hierarchy is by level.

When you click on a scope, the platform will display the Enterprises and Datacenters (including public cloud regions) that the scope allows.

...

To move up the hierarchy, click a higher level scope, or click the link to go Back to previous level.

To display all scopes as a list, without the hierarchy level tree:

  1. Click the funnel filter button to open the filter options

  2. Select Global and click Accept

The platform will now display a list of scopes and their parent scopes.

...

...

Create a scope

Info

This is a general guide to creating a scope. But there is more specific guidance for creating different kinds of scopes in the sections below.

You can use scopes as access lists for users, enterprises, and/or resources. You can also use them to define tenant hierarchies for accounting and billing aggregation.

Privileges: Manage scopes, Allow user to switch enterprises, Manage role and scope allowed CIDRs

To create a scope, do these steps:

  1. Go to Users → Scopes

  2. Click the + add button

  3. For General info:

    1. For the Name, we recommend that you identify the tenant, resource, or user group that the scope will apply to

    2. To add the scope to a hierarchy, select a Parent scope. We recommend that under a hierarchy with limited scopes you should not select unlimited scopes (Use all enterprises and/or Use all datacenters)

    3. To specify attributes of an external system to define the user groups that this scope should apply to, enter External scopes. An example of an external scope could be an LDAP group for the user. This is for external authentication modes, such as OpenID and LDAP. A user's external scopes must map to a single Abiquo scope (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration.

    4. To create a default list of network addresses from which users with this scope can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a user role. A user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs.

      [Image: Create scope - general information]

  4. For Entities:

    1. Select Enterprises to use in the scope. To automatically include all existing and future enterprises, select the option to Use all enterprises.

      1. If you assign this scope to a user, then the user can manage resources in the list of enterprises selected

      2. If you assign this scope to a resource, then users can access the resources if they belong to the enterprises that are in the scope list

      3. Enterprise default scopes do not use the enterprises list, but enterprise default scopes are the default scope for users you create in the enterprise

    2. Select Datacenters (and public cloud regions) to include in the scope. To automatically include all existing and future datacenters, select the option to Use all datacenters.

      1. If you assign this scope to a user, then the user can manage resources in the list of datacenters selected.

      2. Resource scopes do not use the datacenters list

      3. Enterprise default scopes do not use the datacenters list, but enterprise default scopes are the default scope for users you create in the enterprise

        [Image: Create scope - entities]

After you create a scope, you can assign it to a user, an enterprise, or a resource.
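
The following added example (not part of the Abiquo documentation or product code) audits a scope list for two conditions described in the steps above: an unlimited scope placed beneath a limited scope in a hierarchy, and an external scope name listed on more than one scope, which is the simplest way a user's external scopes can fail to map to a single scope. The data layout and field names are hypothetical and the sample scopes are constructed; they are not the Abiquo API schema.

```python
from collections import defaultdict

# Constructed sample export; the field names are hypothetical, not the Abiquo API schema.
SCOPES = [
    {"name": "Global", "parent": None, "all_enterprises": True, "all_datacenters": True, "external": []},
    {"name": "ResellerScope", "parent": "Global", "all_enterprises": False, "all_datacenters": False, "external": ["cn=reseller-admins"]},
    {"name": "ResellerCustomerScope", "parent": "ResellerScope", "all_enterprises": True, "all_datacenters": False, "external": ["cn=customer-users"]},
    {"name": "DeptScope", "parent": "ResellerCustomerScope", "all_enterprises": False, "all_datacenters": False, "external": ["cn=customer-users"]},
]


def ancestors(scopes, name):
    """Yield the parent chain of a scope; stop on a dangling parent or a loop."""
    seen = {name}
    parent = scopes[name]["parent"]
    while parent in scopes and parent not in seen:
        seen.add(parent)
        yield scopes[parent]
        parent = scopes[parent]["parent"]


def unlimited_under_limited(scope_list):
    """Return (scope, flag, limiting_ancestor) for unlimited scopes below a limited one."""
    scopes = {s["name"]: s for s in scope_list}
    findings = []
    for s in scope_list:
        for flag in ("all_enterprises", "all_datacenters"):
            if not s[flag]:
                continue
            limited = next((a["name"] for a in ancestors(scopes, s["name"]) if not a[flag]), None)
            if limited:
                findings.append((s["name"], flag, limited))
    return findings


def ambiguous_external_scopes(scope_list):
    """Return external scope names that are listed on more than one scope."""
    owners = defaultdict(set)
    for s in scope_list:
        for ext in s["external"]:
            owners[ext].add(s["name"])
    return {ext: sorted(names) for ext, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    for name, flag, ancestor in unlimited_under_limited(SCOPES):
        print(f"{name}: {flag} is set, but ancestor {ancestor} is limited")
    for ext, names in ambiguous_external_scopes(SCOPES).items():
        print(f"{ext}: maps to {names}, expected a single scope")
```
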

...

Create a scope for a tenant and its users

...

  1. Create a scope for the administrator

    1. On the General info tab, optionally select a parent scope, for example, the Global scope or a reseller scope

      [Image: Create scope]

    2. Go to the Entities tab. In the Enterprises list, select the enterprises to administer

    3. In the Datacenters list, select the appropriate locations (datacenters and public cloud regions) to administer

...

  • You can share resources with your own scope and child scopes of your scope

  • Each tenant can belong to more than one scope

  • Each scope can have one parent scope only

  • The platform will only consider the enterprises in the resource scopes, not the locations.

...

Assign scopes to create a reseller hierarchy

You can use a reseller hierarchy for billing, pricing, and to manage and aggregate your cloud costs and usage. To create a reseller hierarchy, assign scopes to reseller, key node, and reseller customer tenants. 

  • Reseller: A reseller enterprise in the hierarchy can use partner or reseller credentials for public cloud (and create accounts and users for customers) and manage billing and pricing for their hierarchy. 

  • Key node: A key node is the main enterprise for an organization, for example, the head office. A key node enterprise can obtain aggregate billing and usage data for their hierarchy.

...

To define the hierarchy levels, use the Default scopes of the reseller, key node, and reseller customer enterprises.   

  1. Go to Users → Scopes

  2. For the reseller and its customers (key node enterprises), create scopes

    1. Select an appropriate Parent scope, for example

      1. For a reseller, select the Global scope or no parent scope

      2. For a customer of a reseller (key node), select the reseller's Default scope as the parent scope

      3. For a sub-enterprise of a customer of a reseller (key node), e.g. a Department, you will usually just add them to the ResellerCustomerScope. But if they will manage their own users, create a scope for them, and for the Parent scope, select the key node's Default scope

    2. For each scope, for Entities, allow access to Datacenters including public cloud regions as required

  3. Create or edit an enterprise to make it a Reseller or Key node enterprise

    1. For a Reseller, for the Default scope, select the ResellerScope

    2. For each customer (Key node) enterprise and any sub-enterprises, for the Default scope, select the ResellerCustomerScope

  4. Set the appropriate scope as the Default scope for the enterprise. Abiquo will automatically add the enterprise to its Default scope

  5. For each enterprise, go to Datacenters and allow access to datacenters and public cloud regions as required.

...

    • Note that if you change the default scope of an enterprise, Abiquo will not remove the enterprise from its previous scope

...

Administrators can share VM templates and VApp specs with users in scopes beneath their own Default scope in a hierarchy. Note that it is not mandatory to use resellers and key nodes in a cloud tenant hierarchy.

  • Basic scope hierarchy: The administrator for Spain could also have a scope hierarchy beneath the Spain scope that includes the scopes for Eastern Spain and Central and Southern Spain, and then their customers at a lower level. The administrator for Spain can only manage the users of the Spanish national organization, but they can share templates and VApp specs with tenants in the scopes at all levels of the hierarchy.

     [Image: A basic scope hierarchy]

Search and filter scopes

To filter scopes, enter filter text in the search filter box.

...

To search for all scopes that contain a specific enterprise, click the funnel filter button to open the scope filter dialog and select the Enterprise.

...

Create a scope

Info

This is a general guide to creating any kind of scope. But there is more specific guidance for creating different kinds of scopes in the sections above.

You can use scopes as access lists for users, enterprises, and/or resources. You can also use them to define tenant hierarchies for accounting and billing aggregation.

Privileges: Manage scopes, Allow user to switch enterprises, Manage role and scope allowed CIDRs

To create a scope, do these steps:

...

Go to Users → Scopes

...

Click the + add button

For General info:

...

For the Name, we recommend that you identify the tenant, resource, or user group that the scope will apply to

...

To add the scope to a hierarchy, select a Parent scope. We recommend that under a hierarchy with limited scopes you should not select unlimited scopes (Use all enterprises and/or Use all datacenters)

...

To specify attributes of an external system to define the user groups that this scope should apply to, enter External scopes. An example of an external scope could be an LDAP group for the user. This is for external authentication modes, such as OpenID and LDAP. A user's external scopes must map to a single Abiquo scope (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration.

...

...

...

For Entities:

  1. Select Enterprises to use in the scope. To automatically include all existing and future enterprises, select the option to Use all enterprises.

    1. If you assign this scope to a user, then the user can manage resources in the list of enterprises selected

    2. If you assign this scope to a resource, then users can access the resources if they belong to the enterprises that are in the scope list

    3. Enterprise default scopes do not use the enterprises list, but enterprise default scopes are the default scope for users you create in the enterprise

  2. Select Datacenters (and public cloud regions) to include in the scope. To automatically include all existing and future datacenters, select the option to Use all datacenters.

    1. If you assign this scope to a user, then the user can manage resources in the list of datacenters selected.

    2. Resource scopes do not use the datacenters list

    3. Enterprise default scopes do not use the datacenters list, but enterprise default scopes are the default scope for users you create in the enterprise

      [Image: Create scope - entities]

After you create a scope, you can assign it to a user, an enterprise, or a resource.

Modify a scope

Notes about modifying scopes:

...

Tip

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources (https://wiki.abiquo.com/api/latest) and the page for this resource, ScopesResource.

...