This section lists the privileges set in Abiquo and describes their function in the application. It also shows the privileges assigned to the default roles: CLOUD_ADMIN, ENTERPRISE_ADMIN, USER and OUTBOUND_API. No user can delete the default CLOUD_ADMIN role or change the role's permissions. There must always be at least one user with this role.
Unable to render {include} The included page could not be found.
Key to Info Column of Privileges Table
= new privilege
= changed privilege
= deprecated privilege
Privileges Table
Home privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
|---|---|---|---|---|---|---|---|---|
| List enterprises within scope | ENTERPRISE_ENUMERATE | This privilege allows a user to view the list of enterprises within scope and to view statistics for those enterprises | X | |||||
| Allow user to switch enterprise | ENTERPRISE_ADMINISTER_ALL | This privilege allows a user to change to another enterprise, in order to administer it, by clicking the switch user button in the Enterprises list | X | X | ||||
| Display enterprise statistics | ENTERPRISE_RESOURCE_SUMMARY_ENT | This privilege allows a user to filter statistics by enterprise to display the resources used by an enterprise in the enterprise resources panel | X | X | X | X | ||
| Display enterprise limits in statistics | ENTERPRISE_SHOW_STATS_LIMITS | This privilege allows a user to view enterprise limits in addition to resources used in the enterprise resources panel if the user has the Display enterprise statistics privilege | X | X | X | |||
Infrastructure privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Access Infrastructure view | PHYS_DC_ENUMERATE | This privilege allows a user to access the Infrastructure view and list the physical datacenters | X | X | ||||
| Display resource usage panel | PHYS_DC_RETRIEVE_RESOURCE_USAGE | This privilege allows a user to view the resource usage panel in the Infrastructure view | X | X | ||||
| Manage datacenter | PHYS_DC_MANAGE | This privilege allows a user to manage datacenters (add, edit and delete). Without it, the datacenter's properties will be read only | X | X | ||||
| View datacenter details | PHYS_DC_RETRIEVE_DETAILS | This privilege allows a user to go inside a datacenter and view its details (racks, physical machines, VLANs, storage and allocation rules) | X | X | ||||
| Manage infrastructure elements | PHYS_DC_ALLOW_MODIFY_SERVERS | This privilege allows a user to manage infrastructure elements (add, edit and delete racks and physical machines) | X | X | ||||
| Manage network elements | PHYS_DC_ALLOW_MODIFY_NETWORK | This privilege allows a user to manage network elements (add, edit and delete public VLANs) | X | |||||
| Manage storage elements | PHYS_DC_ALLOW_MODIFY_STORAGE | This privilege allows a user to manage storage elements (add, edit and delete storage devices, pools, tiers and volumes) | X | |||||
| Manage allocation rules | PHYS_DC_ALLOW_MODIFY_ALLOCATION | This privilege allows a user to manage allocation rules (add and delete rules) | X | |||||
| Manage datacenter backup configuration | PHYS_DC_ALLOW_BACKUP_CONFIG | This privilege allows a user to manage backup configuration at datacenter level | X | X | ||||
| Manage devices | MANAGE_DEVICES | This privilege allows a user to setup networking devices (Neutron) | X | |||||
Virtual datacenters privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Access virtual datacenters view | VDC_ENUMERATE | This privilege allows a user to access the Virtual Datacenters view | X | X | X | X | X | |
| Manage virtual datacenters | VDC_MANAGE | This privilege allows a user to manage virtual datacenters (add, edit and delete). Without it, the virtual datacenter details are read only | X | X | X | |||
| Manage virtual appliances | VDC_MANAGE_VAPP | This privilege allows a user to manage virtual appliances (add, edit and delete) | X | X | X | X | ||
| Manage virtual network elements | VDC_MANAGE_NETWORK | This privilege allows a user to manage private and public VLANS (add, edit and delete) | X | X | ||||
| Manage virtual storage elements | VDC_MANAGE_STORAGE | This privilege allows a user to manage storage volumes (add, edit and delete) | X | X | ||||
| Manage floating IPs | MANAGE_FLOATINGIPS | This privilege allows a user to manage floating IPs (add and delete) | X | X | X | |||
| Manage firewalls | MANAGE_FIREWALLS | This privilege allows a user to manage firewalls (add, edit and delete) for virtual datacenters | X | X | X | |||
| Manage load balancers | MANAGE_LOADBALANCERS | This privilege allows a user to manage load balancers (add, edit and delete) for virtual datacenters | X | X | X | |||
| Manage virtual storage controller | VDC_MANAGE_STORAGE_CONTROLLER | This privilege allows a user to manage the controller of storage volumes | X | X | X | X | ||
| Manage public IPs | MANAGE_PUBLICIPS | This privilege allows a user to manage public IPs for private virtual datacenters | X | X | X | |||
Virtual appliances privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Edit virtual appliance details | VAPP_CUSTOMISE_SETTINGS | This privilege allows a user to edit virtual appliance details (name, CPUs, etc.), go inside virtual appliances and view their details | X | X | X | X | ||
| Deploy and undeploy virtual appliances | VAPP_DEPLOY_UNDEPLOY | This privilege allows a user to deploy/undeploy virtual appliances | X | X | X | X | ||
| Perform virtual machine actions | VAPP_PERFORM_ACTIONS | This privilege allows a user to perform virtual machine actions (power on/off, pause, reboot, remote access) | X | X | X | X | ||
| Manage persistent templates | VAPP_CREATE_STATEFUL | This privilege allows a user to manage persistent virtual machine templates (create in VApp; create, edit and delete in virtual datacenter) | X | X | X | X | ||
| Create instance | VAPP_CREATE_INSTANCE | This privilege allows a user to create instance templates of a virtual machine within a virtual appliance | X | X | X | |||
| Manage virtual machine hard disks | MANAGE_HARD_DISKS | This privilege allows a user to access the virtual machine hard disk tab and manage hard disks (add and delete) | X | |||||
| Manage layers | VAPP_MANAGE_LAYERS | This privilege allows a user to manage anti-affinity layers in virtual appliances (create, edit and delete layers) | X | X | X | |||
| Manage virtual machine backup configuration | VAPP_MANAGE_BACKUP | This privilege allows a user to access the backup configuration at virtual machine level and set the backup type and contents | X | |||||
| Manage virtual machine backup schedule | VAPP_DEFINE_BACKUP_INFO | This privilege allows a user to specify an additional option for backup configuration by setting backup dates and times | X | |||||
| Manage workflow tasks | WORKFLOW_OVERRIDE | This privilege allows a user to start or cancel queued tasks if workflow is enabled | X | X | ||||
| Delete unknown virtual machines | VAPP_DELETE_UNKNOWN_VM | This privilege allows a user to delete virtual machines in unknown state | X | |||||
| Assign firewalls to virtual machines | ASSIGN_FIREWALLS | This privilege allows a user to assign already created firewalls to virtual machines | X | X | ||||
| Access persistent templates view | VAPP_STATEFUL_VIEW | This privilege allows a user to access the persistent virtual machine templates view | X | X | X | |||
| Manage virtual machine backup disks | VAPP_MANAGE_BACKUP_DISKS | This privilege allows a user to specify disks and disk backup types (snapshot and complete) | X | X | ||||
| Assign load balancers | ASSIGN_LOADBALANCERS | This privilege allows a user to assign load balancers | X | X | ||||
| Manage virtual machine metrics | USERS_ENABLE_DISABLE_VM_METRICS | This privilege allows a user to activate monitoring of virtual machines | X | X | X | |||
| Access virtual machine metrics | USERS_SHOW_VM_METRICS | This privilege allows a user to manage monitoring | X | X | X | X | ||
| Restore virtual machine backups | VAPP_RESTORE_BACKUP | This privilege allows a user to restore virtual machine backups | X | X | ||||
| Protect/unprotect virtual machines | VM_PROTECT_ACTION | This privilege allows a user to protect/unprotect a virtual machine | X | |||||
| Consume virtual appliance specs | CONSUME_VAPP_SPEC | This privilege allows a user to consume virtual appliance specs | X | X | ||||
| Access alarms section in virtual machines | USERS_VM_VIEW_ALARMS | This privilege allows a user to access alarms section within a virtual machine | X | |||||
| Manage alarms | USERS_VM_MANAGE_ALARMS | This privilege allows a user to manage alarms (create, edit and delete) within a virtual machine | X | |||||
| Access alerts section | USERS_VAPP_VIEW_ALERTS | This privilege allows a user to access alerts section within a virtual appliance | X | |||||
| Manage alerts | USERS_VAPP_MANAGE_ALERTS | This privilege allows a user to manage alerts (create, edit and delete) within a virtual appliance | X | |||||
| Override virtual machine constraints | VM_EXCEED_CPU_RAM | This privilege allows a user to modify virtual machine CPU and RAM to values outside the maximum and minimum values defined in the virtual machine template | X | |||||
| Edit virtual machine details | VM_EDIT_CPU_RAM | This privilege allows a user to edit virtual machine details (CPU and RAM) | X | X | X | X | X | |
| Retrieve default VM credentials | VM_CHECK_USER_PASSWORD | This privilege allows a user to retrieve the default user and password of a virtual machine | X | |||||
| Access action plans and task schedules views | VM_ACTION_PLAN_VIEW | This privilege allows a user to access action plans and task schedules views | X | |||||
| Manage action plans and task schedules | VM_ACTION_PLAN_MANAGE | This privilege allows a user to manage action plans and task schedules | X | |||||
| Relocate a VM to a compatible host | VM_RELOCATE | This privilege allows a user to relocate a VM to a compatible host | X | 3.10.1 | ||||
| Manage workflow for scaling groups | SCALING_GROUP_MANAGE_WORKFLOW | This privilege allows a user to enable or disable workflow for scaling groups. | X | | ||||
| Attach NICs in restricted networks | VM_ATTACH_NIC | This privilege allows a user to attach NICs in restricted networks | X | | ||||
| Detach NICs from restricted networks | VM_DETACH_NIC | The privilege allows a user to detach NICs from restricted networks | X | | ||||
| Manage scaling groups | MANAGE_SCALING_GROUPS | This privilege allows a user to manage scaling groups (add, edit and delete) | X | | ||||
Apps library privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Access Apps library view | APPLIB_VIEW | This privilege allows a user to access the Appliance library view | X | X | X | |||
| Manage VM templates from Apps library | APPLIB_ALLOW_MODIFY | This privilege allows a user to view the Appliance library contents, modify virtual machine templates (download from remote repositories, edit and delete) and promote instances | X | X | X | |||
| Upload virtual machine template | APPLIB_UPLOAD_IMAGE | This privilege allows a user to upload virtual machine templates from a local file into the Apps library | X | X | X | |||
| Manage repository | APPLIB_MANAGE_REPOSITORY | This privilege allows a user to manage repositories (add and delete repositories) | X | X | ||||
| Download virtual machine template | APPLIB_DOWNLOAD_IMAGE | This privilege allows a user to download virtual machine templates from the Appliance library to their hard disk | X | X | X | |||
| Manage VM template categories | APPLIB_MANAGE_CATEGORIES | This privilege allows a user to manage categories of virtual machine templates that belong to their enterprise (add and delete) | X | X | ||||
| Manage VM template global categories | APPLIB_MANAGE_GLOBAL_CATEGORIES | This privilege allows a user to manage categories of virtual machine templates that are common and available to all enterprises (add and delete) | X | |||||
| Display datacenter capacity and free space | APPLIB_SHOW_DC_CAPACITY | This privilege allows a user to view the capacity and remaining space of a datacenter | X | |||||
| Export a virtual machine template to datacenter | APPLIB_EXPORT_TO_PRIVATE | This privilege allows a user to export a virtual machine template to another private datacenter. | X | |||||
| Export a virtual machine template to public cloud region | APPLIB_EXPORT_TO_PUBLIC | This privilege allows a user to export a virtual machine template to another public cloud region. | X | |||||
| Manage virtual appliance specs | MANAGE_VAPP_SPEC | This privilege allows a user to manage virtual appliance specs (add and edit) | X | |||||
| Download VM templates from remote repository | APPLIB_DOWNLOAD_FROM_REMOTE_REPOSITORY | This privilege allows a user to download virtual machine templates from remote repositories | X | X | ||||
Users privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Access Users view | USERS_VIEW | This privilege allows a user to access the Users view | X | X | X | |||
| Manage enterprises | USERS_MANAGE_ENTERPRISE | This privilege allows a user to manage enterprises (add, edit and delete) | X | X | ||||
| Manage users | USERS_MANAGE_USERS | This privilege allows a user to manage users (add, edit and delete) | X | X | X | |||
| Manage users of all enterprises | USERS_MANAGE_OTHER_ENTERPRISES | This privilege allows a user to manage users of more than one enterprise and move users between enterprises. Without it, the Enterprise list is not shown in Users view | X | X | ||||
| No VDC restriction | USERS_PROHIBIT_VDC_RESTRICTION | Normally a user within an enterprise can have a list of VDCs assigned and these will be the only VDCs that they will be able to see. Setting this privilege exempts a user from having their VDC list restricted and they will be able to see all VDCs in their enterprise | X | X | X | |||
| Access Roles screen | USERS_VIEW_PRIVILEGES | This privilege allows a user to access the Roles screen | X | X | ||||
| Manage roles | USERS_MANAGE_ROLES | This privilege allows a user to manage roles (add, edit and delete roles; modify privileges assigned to roles; assign scopes to roles) | X | |||||
| Associate role with enterprise | USERS_MANAGE_ROLES_OTHER_ENTERPRISES | This privilege allows a user to associate a role with any enterprise | X | |||||
| Manage global role | USERS_MANAGE_SYSTEM_ROLES | This privilege allows a user to manage roles that are common and available to all enterprises, rather than being constrained to a single enterprise | X | |||||
| Specify LDAP group | USERS_MANAGE_LDAP_GROUP | This privilege allows a user to associate a role with an LDAP group. When LDAP authentication is activated, a user's role will be determined by the LDAP group that they are a member of | X | |||||
| Display connected users | USERS_ENUMERATE_CONNECTED | This privilege allows a user to display connected users | X | |||||
| Define enterprise manager | USERS_DEFINE_AS_MANAGER | This privilege defines a user as an enterprise manager. Enterprise managers receive physical machine notification emails | X | X | ||||
| Manage Chef enterprises | USERS_MANAGE_CHEF_ENTERPRISE | This privilege allows a user to enable and manage Chef for enterprises | X | |||||
| Manage scopes | USERS_MANAGE_SCOPES | This privilege allows a user to manage scopes (add, edit and delete scopes) | X | |||||
| Manage enterprise reserved servers | USERS_MANAGE_RESERVED_MACHINES | This privilege allows a user to manage reserved servers at enterprise level | X | X | ||||
| Modify enterprise theme | USERS_MANAGE_ENTERPRISE_BRANDING | This privilege allows a user to manage enterprise branding (select a specific theme for an enterprise) | X | |||||
| Allow user to push own VM metrics | USERS_PUSH_VM_METRICS | This privilege allows a user to push their own VM metrics | X | X | X | |||
| Manage provider credentials | USERS_MANAGE_CREDENTIALS | This privilege allows a user to manage provider credentials (add and delete) | X | |||||
| Manage user applications | USERS_MANAGE_APPLICATIONS | This privilege allows a user to manage applications (add and delete) | X | |||||
System configuration privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Access Configuration view | SYSCONFIG_VIEW | This privilege allows a user to access the Configuration view | X | X | ||||
| Modify configuration data | SYSCONFIG_ALLOW_MODIFY | This privilege allows a user to edit all system-wide configuration settings | X | |||||
| Allow access to reports | SYSCONFIG_SHOW_REPORTS | This privilege allows a user to access external reports by clicking the Reports button. The button will only be visible if the 'Reports URL' system property is not empty (Configuration -> System Properties -> General -> Reports URL) | X | |||||
Pricing privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Add a cost code when editing a VM template | APPLIB_VM_COST_CODE | This privilege allows a user to select a cost code when editing a virtual machine template | X | |||||
| Access Pricing view | PRICING_VIEW | This privilege allows a user to access the Pricing view | X | X | ||||
| Manage pricing | PRICING_MANAGE | This privilege allows a user to manage pricing components (add, edit and delete currencies, pricing models and cost codes) | X | |||||
Events privileges | ||||||||
GUI Label _________________ | Application Tag | Privilege____________________________________ | Cloud Admin | Ent Admin | Ent User | Outbound API | Ent Viewer | Info |
| Display all events for current enterprise | EVENTLOG_VIEW_ENTERPRISE | This privilege allows a user to display all events related to the current enterprise | X | X | X | X | ||
| Display all events | EVENTLOG_VIEW_ALL | This privilege allows a user to display all events | X |