
Abiquo user management has a flexible concept of roles associated with privileges. Each user is assigned a role and that role is assigned a set of privileges to grant access to different cloud features. The privileges assigned to the role define how the user can work with the resources, for example, as a user or administrator.  In a complementary way, the Administration Scope of a user defines the resources (such as datacenters and enterprises) that the user can view, access and administer. You can match roles to OpenID, AD or LDAP groups for automatic user creation and role assignment. 

To manage roles, go to Users → Roles.

Abiquo provides a set of default roles and you can clone and modify them to create new roles. The following table describes the default roles. See Privileges for a list of the privileges for each role.

Default Role



Manages the physical infrastructure and configurations in order to offer a cloud service. The privileges of this role cannot be modified. The default "admin" user has this role and the unlimited global scope. There must always be at least one user with this role and the global scope, but it does not have to be the default admin user. This role can be cloned, for example, to create administrators with a scope that restricts them to certain datacenters and enterprises.


Manages configurations at enterprise level and grants access to other enterprise users. This role is for users that are responsible for an enterprise to manage their cloud services. By definition, users with this role are restricted to administering their own enterprise.


Manages the virtual appliances of an enterprise. Typically, this role is for users working with the cloud service. By definition, users with this role are restricted to their own enterprise.

OUTBOUND_API: User for the M module that stores Events in the API and streams them in the Outbound API. The default privileges of this role allow it to read all events.

ENTERPRISE_VIEWER: Allows read-only access to the cloud platform. A user with this role can access a VDC and view VApps, VMs and VM details.
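The following is an added example, not Abiquo code or its API: a small Python model of the access decision described above (role privileges combined with administration scope) and of the rule that at least one user must keep the cloud administrator role with the global scope. The privilege names, user names, datacenter and enterprise names are constructed for illustration, and a scope of None is an assumed way to represent the global scope.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Role:
    name: str
    privileges: frozenset    # privilege names used below are hypothetical

@dataclass(frozen=True)
class Scope:
    datacenters: frozenset
    enterprises: frozenset

@dataclass(frozen=True)
class User:
    name: str
    role: Role               # a user has exactly one role
    scope: Optional[Scope]   # None models the unlimited global scope (assumption)

def is_allowed(user, privilege, kind, resource):
    """Privileges decide what the user may do; scope decides on which resources."""
    if privilege not in user.role.privileges:
        return False
    if user.scope is None:
        return True
    pool = user.scope.datacenters if kind == "datacenter" else user.scope.enterprises
    return resource in pool

def global_admins(users, admin_role="CLOUD_ADMIN"):
    """Users holding the unmodified admin role together with the global scope."""
    return [u.name for u in users if u.role.name == admin_role and u.scope is None]

def safe_to_remove(users, name):
    """False if removing `name` would leave no global-scope cloud administrator."""
    return bool(global_admins([u for u in users if u.name != name]))

# Constructed sample data: the default admin, a cloned restricted admin, a viewer.
CLOUD_ADMIN = Role("CLOUD_ADMIN", frozenset({"MANAGE_DATACENTERS", "MANAGE_USERS", "VIEW_VAPPS"}))
DC_ADMIN = Role("Copy: CLOUD_ADMIN", CLOUD_ADMIN.privileges)   # cloned role, same privileges
VIEWER = Role("ENTERPRISE_VIEWER", frozenset({"VIEW_VAPPS"}))
USERS = [
    User("admin", CLOUD_ADMIN, None),
    User("dc_admin", DC_ADMIN, Scope(frozenset({"dc-madrid"}), frozenset({"acme"}))),
    User("auditor", VIEWER, Scope(frozenset(), frozenset({"acme"}))),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, is_allowed(u, "MANAGE_DATACENTERS", "datacenter", "dc-madrid"))
    print("global admins:", global_admins(USERS))
```

The cloned role carries the same privileges as the original, but its holder is confined by scope and does not count toward the required global administrator.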


Create or Modify a Role

A user can only have one role, but from v4.0.3 a role can be associated with multiple OpenID, AD or LDAP groups. Roles can be enterprise roles or global roles. To clone a role, click the clone button. By default the new role will have "Copy:" added to its name, for example, "Copy: CLOUD_ADMIN".  To create or modify a role, click the + Add button or Edit button and complete the following dialog.


After you create or clone the role, select the role name in the list and edit the privileges as required, then click Save.

