
...

Info

This is a general guide to creating a scope. There are more specific guides for creating different kinds of scopes in the sections below.

...

  1. Go to Users → Scopes

  2. Click the + add button

  3. For General info:

    1. For the Name, we recommend that you identify the tenant, resource, or user group that the scope will apply to

    2. To add the scope to a hierarchy, select a Parent scope. We recommend that under a hierarchy with limited scopes you should not select unlimited scopes (i.e. do not select Use all enterprises and/or Use all datacenters)

    3. To specify attributes of an external system to define the user groups that this scope should apply to, enter External scopes. An example of an external scope could be an LDAP group for the user. This is for external authentication modes, such as OpenID and LDAP. A user's external scopes must map to a single Abiquo scope (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration.

    4. To create a default list of network addresses from which users with this scope can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a user role. A user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs.

      Create scope - general information

  4. For Entities:

    1. Select Enterprises to use in the scope. To automatically include all existing and future enterprises, select the option to Use all enterprises.

      1. If you assign this scope to a user, then the user can manage resources in the list of enterprises selected

      2. If you assign this scope to a resource, then users can access the resources if they belong to the enterprises that are in the scope list

      3. Enterprise default scopes do not use the enterprises list. An enterprise default scope is the default scope for users you create in the enterprise

    2. Select Datacenters (and public cloud regions) to include in the scope. To automatically include all existing and future datacenters, select the option to Use all datacenters.

      1. If you assign this scope to a user, then the user can manage resources in the list of datacenters selected.

      2. Resource scopes do not use the datacenters list

      3. Enterprise default scopes do not use the datacenters list. An enterprise default scope is the default scope for users you create in the enterprise

        Create scope - entities
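
The parent scope recommendation and the external scopes mapping rule from step 3 can be checked over an inventory of scope definitions. This is an added example, not Abiquo code: the record layout, field names, and sample scopes are constructed for illustration and are not the platform's API schema.

```python
# Constructed scope records; the field names are hypothetical, not Abiquo's API schema.
SCOPES = {
    "Global":      {"parent": None, "all_ent": True, "all_dc": True, "external": []},
    "Reseller-A":  {"parent": "Global", "all_ent": False, "all_dc": False,
                    "external": ["cn=reseller-a"]},
    "Customer-A1": {"parent": "Reseller-A", "all_ent": True, "all_dc": False,
                    "external": ["cn=cust-a1"]},
    "Customer-A2": {"parent": "Reseller-A", "all_ent": False, "all_dc": False,
                    "external": ["cn=cust-a2", "cn=cust-a1"]},
}

def ancestors(name, scopes):
    """Yield each ancestor of a scope (a scope has one parent only)."""
    seen = {name}
    parent = scopes[name]["parent"]
    while parent is not None:
        if parent in seen:
            raise ValueError(f"parent cycle at {parent}")
        seen.add(parent)
        yield parent
        parent = scopes[parent]["parent"]

def unlimited_under_limited(scopes):
    """Return (scope, flag, ancestor) for unlimited scopes below a limited ancestor."""
    findings = []
    for name, scope in scopes.items():
        for flag in ("all_ent", "all_dc"):
            if not scope[flag]:
                continue
            for anc in ancestors(name, scopes):
                if not scopes[anc][flag]:
                    findings.append((name, flag, anc))
                    break
    return findings

def scopes_for_user(external_groups, scopes):
    """Return the scopes a user's external scopes map to; exactly one is valid."""
    groups = set(external_groups)
    return sorted(n for n, s in scopes.items() if groups & set(s["external"]))

if __name__ == "__main__":
    for name, flag, anc in unlimited_under_limited(SCOPES):
        print(f"{name}: {flag} is set but ancestor {anc} is limited")
    for user, groups in {"alice": ["cn=reseller-a"], "bob": ["cn=cust-a1"]}.items():
        matched = scopes_for_user(groups, SCOPES)
        status = "ok" if len(matched) == 1 else "ambiguous or unmapped"
        print(f"{user}: {matched} ({status})")
```
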

...

Generally, a user should only be able to access their own tenant enterprise and its resources. The most basic scope is a single enterprise scope that contains the user's enterprise.

Another basic scope is for a key node enterprise with a group of enterprises below it. This could be for an organization and its departments, and it could represent an AWS organization account, where you can add the AWS account for each department.

To create a basic scope and assign it to a tenant and the tenant's users:

...

  • You can share resources with your own scope and child scopes of your scope

  • Each tenant can belong to more than one scope

  • Each scope can have one parent scope only

  • The platform will only consider the enterprises in the resource scopes, not the locations.

...

Assign scopes to create a reseller hierarchy

You can use a reseller hierarchy for billing, pricing, and to manage and aggregate your cloud costs and usage. To create a reseller hierarchy, assign scopes to reseller, key node, and reseller customer tenants. 

...