This page describes how to control user access to features, actions, and resources.

For information about how to control user access to the platform, such as how to block users or reset passwords, see Define user access to the platform

Define which actions a group of users can perform on the platform

Each user has a role with a group of privileges that allow access to different cloud features. To change user access to features, modify the user role and add or remove privileges. 

See Manage roles

Define which cloud locations users can deploy in

You can allow each tenant to access a set of cloud locations (including providers, public cloud regions, and datacenters). All the users of a tenant can deploy in the allowed locations.

See Configure an enterprise in a cloud location

Define which resources an administrator can manage

Each user has a scope that includes a list of enterprises and locations.

...

Administrators with the appropriate privileges can manage the cloud locations listed in their scope, assuming that their tenant also has access to these locations.

See Manage scopes

Restrict a user to a set of virtual datacenters

If the user does not have the No VDC restriction privilege, the user can have a VDC access list. This means that the user will only be able to access the VDCs on the list.

See Create a user

Create a read-only user

To create a read-only user, assign the ENTERPRISE_VIEWER role to the user. 

See Create a user

Restrict user activity in a specific virtual datacenter

To allow users to perform a limited set of actions in a specific virtual datacenter, assign a role to the virtual datacenter. Users will only be able to perform the actions of the virtual datacenter role, although you can create exceptions for selected users. Users will not be able to gain access to new features from the virtual datacenter role. For example, you can create a virtual datacenter where the users have read-only access.

See Control access with VDC roles
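
The layered checks described above (scope and tenant locations, the VDC access list, and VDC roles) can be reasoned about as set intersections. The following is an added example, not Abiquo code or part of the original page: a toy Python model in which the privilege strings, user data, and function names are constructed for illustration. It assumes a user with no VDC access list is unrestricted, and it does not model per-user exceptions.

```python
# Added illustration: toy model of the access layers described on this page.
# Privilege strings and sample data are constructed, not Abiquo identifiers.
from dataclasses import dataclass
from typing import Optional

NO_VDC_RESTRICTION = "No VDC restriction"  # privilege named on this page


@dataclass(frozen=True)
class User:
    name: str
    role_privileges: frozenset
    vdc_access_list: Optional[frozenset] = None  # None: no list (assumed unrestricted)
    scope_locations: frozenset = frozenset()


def can_access_vdc(user, vdc):
    """A VDC access list only applies without the No VDC restriction privilege."""
    if NO_VDC_RESTRICTION in user.role_privileges:
        return True
    return user.vdc_access_list is None or vdc in user.vdc_access_list


def effective_privileges(user, vdc, vdc_roles):
    """Privileges a user holds inside one VDC."""
    if not can_access_vdc(user, vdc):
        return frozenset()
    vdc_role = vdc_roles.get(vdc)
    if vdc_role is None:
        return user.role_privileges
    # A VDC role can only narrow the user's role, never add privileges.
    return user.role_privileges & vdc_role


def manageable_locations(user, tenant_allowed):
    """Scope locations count only if the tenant is also allowed there."""
    return user.scope_locations & tenant_allowed


# Constructed sample data.
VDC_ROLES = {"audit-vdc": frozenset({"vm.view", "vm.snapshot"})}
dev = User("dev", frozenset({"vm.view", "vm.deploy"}),
           vdc_access_list=frozenset({"audit-vdc", "dev-vdc"}))
admin = User("admin", frozenset({"vm.view", NO_VDC_RESTRICTION}),
             scope_locations=frozenset({"dc-1", "region-a"}))

if __name__ == "__main__":
    print(sorted(effective_privileges(dev, "audit-vdc", VDC_ROLES)))   # read-only
    print(sorted(effective_privileges(dev, "prod-vdc", VDC_ROLES)))    # not on list
    print(sorted(manageable_locations(admin, frozenset({"dc-1"}))))
```

Note that the VDC role in the sample includes a privilege the user's own role lacks, and the user does not gain it.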

Allow users to outsource their VMs

Administrators can create restricted virtual appliances, which means that users cannot access the VMs without the appropriate privileges. However, the VMs are still running in the user's tenant, which enables you to bill the tenant for the virtual resources.

See https://abiquo.atlassian.net/wiki/spaces/doc/pages/367394986/Move+virtual+machines#Move-a-VM-to-a-restricted-virtual-appliance

Require users to get approval for all VM launch, deploy, and reconfigure actions

You can create a workflow connector to use the Workflow feature to hold deploy actions (deploy, undeploy, reconfigure) until an external system approves the changes. 

See Abiquo workflow feature (/wiki/spaces/doctest/pages/311374701)