Abiquo 4.6.3 introduced small changes to the Default role feature and the VDC roles feature.
When you allow an enterprise to work in a datacenter or public cloud region, you can set a default role to limit user access in this location. See Set a default role to limit tenant access to VDCs in a provider or https://abiquo.atlassian.net/wiki/spaces/doc/pages/311377504/Configure+an+enterprise+in+a+cloud+location#Set-default-user-roles-for-virtual-datacenters-in-a-provider-or-location. And when you create a VDC, you can set a role to limit access to this VDC. See Set a virtual datacenter role to limit user https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370496/Manage+virtual+datacenters#Set-a-virtual-datacenter-role-to-limit-user-access.
Abiquo 4.6.3 introduced a new privilege for managing the default role and a minimum default role for creating VDCs. The Manage VDC default roles privilege will control access to the Default role tab when editing an allowed datacenter or public cloud region for a tenant. Without this privilege the tenant administrators will not be able to modify the default roles assigned by cloud administrators.
In Abiquo 4.7.1 the privilege name changed to Manage enterprise datacenter default roles.
The minimum default role will ensure that a user cannot create VDCs that they will not be able to work with. This is especially useful for cloud providers where VDCs always incur base costs even when they are not in use, for example, AWS charges for the Elastic IP of the NAT gateway. The platform will block users from creating VDCs if the default role will apply to the user and the default role is a Viewer role. This effectively means that if users will have very limited access, an administrator will need to create their VDCs.
...