Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 59 Next »

Manage scopes page


Changes to scopes from Abiquo 4.0

  • Now administrators assign scopes to Abiquo users. In previous versions, administrators assigned scopes to Abiquo roles and the global scope was the default
    • During the upgrade process to version 4.0, Abiquo assigns role scopes to users
  • All enterprises must now have a default scope for creating users
  • Administrators can now create optional hierarchies of scopes and share resources, such as templates and specs, with tenants at lower levels of their hierarchies

Scope concepts

Concept_______DescriptionNotes
Scope
  • A list of resources (enterprises and/or datacenters) for access control

User scope
  • The list of resources (datacenters and enterprises) that the user can view and manage.
  • The user must also have the other required permissions (privileges and allowed datacenters)

A user can deploy in allowed datacenters, even if they are not in their scope.
An Administrator can manage users of the enterprises that are in their scope

Resource scope
  • The list of enterprises whose users can access the resource, if they have the other required permissions
  • Administrators select a set of scopes to share a resource with users of the enterprises listed in the scopes

Used to share VM templates and VApp specs.
An administrator can select their own scope, and scopes underneath their scope in the scope hierarchy

Scope hierarchy
  • A parent scope and one or more child scopes
  • Used for sharing resources to tenants that are underneath the administrator's scope

Administrators can share VM templates and VApp specs with users in scopes beneath their own scope.
But they cannot manage the enterprises that are not directly in their user scope

Global scope
  • The default scope for the cloud administrator that always includes all resources and cannot be modified

Unlimited scopes
  • The global scope
  • Use all enterprises checkbox selected - ALL current and future enterprises
  • Use all datacenters checkbox selected - ALL current and future datacenters

An unlimited scope cannot have a parent scope. It must be at the top of a scope hierarchy.
An unlimited scope has new resources added automatically in its unlimited dimensions.
Only a user with an unlimited scope can create an unlimited scope in the same dimensions as their scope.

Pricing scope
  • When a user creates a pricing model, the platform assigns the user's scope for tenants.
  • Only users with the same tenant scope can manage the pricing models
  • All users with pricing privileges can view the pricing model of their tenant
  • You cannot change the pricing scope or display it in the UI


The following screenshot shows a scope with enterprises and a child scope


Scope use cases

A global managed service provider could create a scope for country or region. For example, in Spain, with datacenters in Madrid, Barcelona, Valencia and Seville.

  • User scope for datacenters: An administrator for Spain would have access to all these datacenters, but the administrator for Eastern Spain would only have access to Barcelona and Valencia, which are on the east coast of Spain.
  • User scopes for enterprises: The administrator for Spain may have scope for Spain that only includes the top-level Spanish national organization to manage its users and resources.
  • Scope hierarchy: The administrator for Spain could also have a scope hierarchy beneath the Spain scope that includes the scopes for Eastern Spain and Central and Southern Spain and then their customers at a lower level. The administrator for Spain can only manage the users of the Spanish national organization but they can share templates and Vapp specs with tenants in the scopes at all levels of the hierarchy.

Diagram: an example of a scope hierarchy

 Click here to show/hide the diagram

 

Managing Scopes

Privilege: Manage scopes, Allow user to switch enterprises

From the Users view, if you have permission to Manage scopes and the Allow user to switch enterprises privilege, you can access the Scopes tab and manage scopes. 

Create or Modify a Scope

Click the add button to create a new scope.

  1. Enter the scope name
  • To create a limited scope
    • If it is within a scope hierarchy, select the parent scope
    • Select enterprises and datacenters to include in the scope
  • OR To create an unlimited scope for enterprises or datacenters, mark the appropriate checkbox(es). 
    • Use all enterprises will automatically include all current enterprises and add all new enterprises
    • Use all datacenters will automatically include all current datacenters and add all new datacenters

Screenshot: an unlimited enterprises and datacenters scope.

 Click here to show/hide the screenshot


To change an unlimited scope to a limited scope, first unselect the Select all checkbox, then select individual resources.  You cannot remove an enterprise from a scope that is using shared templates with that scope. You cannot modify the default Global scope. You cannot modify your own scope. After you create or modify a scope, you can assign it to a user or a resource.

Delete a scope

You cannot delete the default Global scope. You cannot delete your own scope. You cannot delete a scope if it is in use in certain circumstances, for example, if it is the default for an enterprise, or it is assigned to a shared template that is in use by an enterprise.  To delete a scope, select it in the list and click the delete button.

 Click here to show/hide the screenshot

Manage scopes with the API


Related pages

  • No labels

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved