This section describes how to control access to all types of networks and IPs except private networks and IPs.
By default, the tenant administrator can work with IPs from all types of networks. To display the available networks, go to Virtual datacenters → select virtual datacenter → Network.
In a private cloud datacenter without a network virtualization system, the default types are Private, External, and Public.
Manage virtual network elements
To prevent users from performing the following actions in the virtual datacenter, remove the "Manage virtual network elements" privilege from the user role:
- Manage private networks and IPs
- Edit networks to set the default VDC network
- Manage public, NAT, or floating IPs
When the user does not have this privilege, the platform does not display the control buttons for the Networks list and Public IPs.
Manage IPs
To prevent users from obtaining specific types of IPs to add to VMs, remove the appropriate privileges:
- Manage public IPs
- Manage floating IPs
- Manage NAT IPs
When a user has the "Manage virtual network elements" privilege but does not have the "Manage public IPs" privilege, the platform does not display the control buttons above the IPs panel.
Note that when users have privileges to configure VMs, they can add public, floating, and NAT IPs that are already assigned to the VDC, as well as IPs that are available in external networks. Users can also always create and add IPs in private networks.