Versions Compared

Old Version 5

changes.mady.by.user MS

Saved on

compared with

New Version Current

changes.mady.by.user MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Div
classtocc
Table of Contents

...

Table of Contents


A resource scope is assigned to a resource, such as a VM template or a VApp spec, and it controls resource sharing. A VM template or VApp spec can have multiple scopes and these resource scopes work in conjunction with other access controls. For example, for administrators these are user role privileges, enterprise allowed datacenters, user datacenter scope, and in addition, for specs, access to the spec owner enterprise.The administrator assigns the scopes to the resource itself and Abiquo gets the list of enterprises in the scopes and allows the users of those enterprises to access the resource. If the scopes are part of a hierarchy, then an administrator can share resources by selecting child scopes that are beneath their scope in the hierachy.For example, for virtual machine templates, the template scopes define a list of tenants whose users can access a shared template, as well as the administrators who can manage it.  

(The scopes applied to users are called user scopes, for more information about user scopes, see the Manage Scopes page)

Pricing scope for pricing models

Abiquo controls access to pricing models with a simple scope, according to these rules:

  • When a user creates a pricing model, Abiquo automatically assigns the user's scope for tenants (which is a list of enterprises the user can manage). You cannot change this scope or display it in the UI
  • Abiquo only allows users with the same tenant scope (who can administer exactly the same enterprises) to manage the user's pricing models
  • All users with pricing privileges can view the pricing model assigned to their own tenant

Template scopes for virtual machine templates

...

titleChanges to scopes in 4.0

...

resource, if they have the other required permissions. Resource scopes apply to VM templates and application blueprints (VApp specs).

To share a resource with enterprises, administrators select a set of scopes to assign to the resource. The users of the enterprises listed in the scopes can then access the resource.

Share VM templates, script templates, and VApp specs

The administrator can use scopes to share VM templates, script templates, and blueprints (VApp specs) if they have the Allow user to switch enterprises privilege and administrator access to the resource in the enterprise that owns it.

The administrator can share a VM template, script template, or VApp spec with their own scope, other available scopes, or a child scope in their hierarchy.

Administrators can use scopes for precise control over access to shared templates. In order to work with VM templates, administrators will require the appropriate Apps library privileges and full access to the datacenter (with Datacenter scope and Allowed datacenter), and (in Abiquo 4.0.1+) they must be logged in to the spec owner enterprise.

...

The cloud administrator can add one or more scopes to a template, including the global scope.The global scope means that users from all current and future enterprises can access this template.

Image Removed

Spec scopes for virtual appliance specs

Administrators can use scopes for precise control over access to VApp specs. In order to work with specs, administrators will require the appropriate Virtual appliance specs and Apps library privileges and full access to the datacenter (Datacenter scope and Allowed datacenter) and they must be logged in to the spec owner enterprise.

...

The cloud administrator can add one or more scopes to a spec, including the global scope. 
 

Image Removed

Resource scope example

This example applies to template and spec scopes.

Include PageTEXT Resource scopes exampleTEXT Resource scopes exampleTo share a VM template or a script template:

  1. Log in or switch to the enterprise that owns the template

  2. Go to Catalogue and select a datacenter or public cloud region

  3. Edit a template and go to Scopes

  4. Select one or more available scopes

    • To allow all current and future users to access the resource, select the Global scope or another unlimited scope

...

To share a spec:

  1. Create a spec or edit a spec in the owner enterprise

  2. Add one or more available scopes. 

...

Scope hierarchy example

An example scope hierarchy may include many levels. For example, a platform owner, resellers, customers, and departments.

In this case, the platform owner may manage global administrator users in their own scope. And then they may share templates and specs with other levels, for example, resellers and customers.

If the customers have a scope hierarchy for their departments, then customers may be able to share resources with the departments by scope. 

 

...

Resource scope FAQ

Q: Which administrators can edit VM templates, script templates, and VApp specs? 

A: Administrators in the owner enterprise (creator) with permissions to administer other enterprises

Q: How can admins share resources to users of other enterprises?

A: Assign scopes that contain the enterprises in their Enterprises list.

  • Abiquo reads the list of enterprises in the scopes and allows users from these enterprises to use the resources

  • Administrators can share templates with scopes in their own scope and scopes below their scope in the scope hierarchy tree