To define how a user can work with resources, each user has a role with a group of privileges that allow access to different cloud features. You can create roles for each group of users such as cloud administrators, resellers, tenant administrators, standard users, and so on.
In addition, to define the resources that a user can view, access, and administer, each user also has an administration scope, and the user's enterprise has a list of allowed datacenters and public cloud regions that its users can work in.
You can match user roles to OpenID, AD, or LDAP groups, and the platform will then automatically create users and assign them the matching roles.
For information about the Abiquo concepts of enterprises and users, see Users in the Abiquo Walkthrough.
Privilege: Access Roles and Scope screens
To manage roles, go to Users → Roles. By default, you will see the Global roles that are available to all enterprises and the platform will display them with "(Global)" after the name. To display the Enterprise roles that belong to a specific enterprise, select the enterprise.
Abiquo provides a set of default roles and you can clone and modify them to create new roles. The following table describes the default roles. See Privileges for a list of the privileges for each role.
Default Role | Description |
---|---|
CLOUD_ADMIN | Manages the physical infrastructure and configurations in order to offer a cloud service. The privileges of this role cannot be modified. The default "admin" user has this role and the unlimited global scope. There must always be at least one user with this role and the global scope, but it does not have to be the default admin user. This role can be cloned, for example, to create administrators with a scope that restricts them to certain datacenters and enterprises. |
ENTERPRISE_ADMIN | Manages configurations at enterprise level and grants access to other enterprise users. This role is for users that are responsible for an enterprise to manage their cloud services. By definition, users with this role are restricted to administering their own enterprise. |
USER | Manages the virtual appliances of an enterprise. Typically, this role is for users working with the cloud service. By definition, users with this role are restricted to their own enterprise. |
OUTBOUND_API | User for the M module that stores Events in the API and streams them in the Outbound API. The default privileges of this role allow it to read all events. |
ENTERPRISE_VIEWER | Allows read-only access to the cloud platform. A user with this role can access a VDC and view VApps, VMs and VM details. |
Create or modify a role
Privilege: Access Roles and Scope screens, Manage roles, Manage global role
A user can only have one role, but a role can be associated with multiple OpenID, AD, or LDAP groups. To clone a role, click the clone button. By default, the new role will have "Copy:" added to its name, for example, "Copy: CLOUD_ADMIN". To create or modify a role, click the + Add button or the Edit button and complete the dialog.
After you create or clone the role, select the role name in the list and edit the privileges as required, then click Save.
Manage privileges
To modify a role's privileges:
- To modify a local role, select the enterprise
- Select a role from the Roles list
- You cannot modify the privileges of your own role. For other roles, you can only modify the privileges that are also assigned to your own role
- You cannot modify the privileges of the default CLOUD_ADMIN role
- In the Privileges pane, click a checkbox beside a privilege to add or remove the privilege.
- To add all the privileges in a group, click the All privileges checkbox beside the group name
- Privileges are generally independent of each other. For example, a user whose role does not have the "Access Infrastructure view" privilege will not see the Infrastructure icon in the UI. However, if this user's role has the "Manage datacenters" and "View datacenter details" privileges, the user will still be able to access these functions through the API
- Save the changes by clicking Save
- Any other action outside of the Privileges pane will discard your changes, for example, clicking on another role name
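The rules above (you cannot edit your own role or the default CLOUD_ADMIN role, and you can only add or remove privileges that your own role also holds) are what stop a delegated administrator from granting privileges they do not have. The following Python model of those checks is an added example, not Abiquo's own code; the role and privilege names are taken from this page, and the sample roles are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    privileges: set[str] = field(default_factory=set)
    is_default_cloud_admin: bool = False  # default CLOUD_ADMIN role cannot be modified


def check_privilege_edit(editor_role: Role, target_role: Role, new_privileges: set[str]) -> list[str]:
    """Return the reasons the edit is refused; an empty list means the edit is allowed.
    Mirrors the Manage privileges rules: no editing your own role, no editing the default
    CLOUD_ADMIN role, and only privileges your own role also holds may be added or removed."""
    reasons = []
    if target_role.name == editor_role.name:
        reasons.append("cannot modify the privileges of your own role")
    if target_role.is_default_cloud_admin:
        reasons.append("cannot modify the privileges of the default CLOUD_ADMIN role")
    changed = target_role.privileges ^ new_privileges  # privileges added or removed by this edit
    not_held = sorted(changed - editor_role.privileges)
    if not_held:
        reasons.append("privileges not held by your own role: " + ", ".join(not_held))
    return reasons


def datacenter_api_reachable_without_ui(role: Role) -> bool:
    """The independence note above: datacenter functions stay reachable through the API
    when the role holds the datacenter privileges but lacks the Infrastructure view privilege."""
    return ("Access Infrastructure view" not in role.privileges
            and {"Manage datacenters", "View datacenter details"} <= role.privileges)


# Constructed sample roles (hypothetical privilege sets, not Abiquo defaults).
EDITOR = Role("TENANT_ADMIN", {"Access Roles and Scope screens", "Manage roles",
                               "View datacenter details"})
TARGET = Role("TENANT_USER", {"View datacenter details"})
DEFAULT_CLOUD_ADMIN = Role("CLOUD_ADMIN", {"Manage datacenters"}, is_default_cloud_admin=True)

if __name__ == "__main__":
    # Refused: the editor does not hold "Manage datacenters", so it cannot grant it.
    print(check_privilege_edit(EDITOR, TARGET, {"View datacenter details", "Manage datacenters"}))
    # Allowed: removing a privilege the editor also holds.
    print(check_privilege_edit(EDITOR, TARGET, set()))
```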
Privileges table
See Privileges
Related pages
- Manage cloud tenants: Manage Enterprises
- Manage Users
- Create action lists for users: Manage Scopes