To define how a user can work with resources, each user has a role with a group of privileges that allow access to different cloud features. You can create roles for each group of users such as cloud administrators, resellers, tenant administrators, standard users, and so on.
In addition, to define the resources that a user can view, access, and administer, each user also has an administration scope. And the user's enterprise has a list of allowed datacenters and public cloud regions that users can work in.
You can match user roles to OpenID, AD, or LDAP groups and when the platform will automatically create users and assign them the matching roles.
For information about the Abiquo concepts of enterprises and users, see Users in the Abiquo Walkthrough.
Privilege: Access Roles and Scope screens |
To manage roles, go to Users → Roles. By default, you will see the Global roles that are available to all enterprises and the platform will display them with "(Global)" after the name. To display the enterprise roles that belong to a specific enterprise, select the enterprise.
Abiquo provides a set of default roles and you can clone and modify them to create new roles. See Default roles. See Privileges for a list of the privileges for each role.
Privilege: Access Roles and Scope screens, Manage roles, Manage global role |
A user can only have one role, but a role can be associated with multiple OpenID, AD, or LDAP groups. To clone a role, click the clone button. By default the new role will have "Copy:" added to its name, for example, "Copy: CLOUD_ADMIN".
To create or modify a role:
After you create or clone a role, select the role name in the list and edit the privileges as required, then click Save.
Related pages