Privileges to control virtual networking
Abiquo 4.7.0 introduces new privileges to control the use of public and external networks in virtual datacenters and virtual machines. This is helpful in providers where users manage networks at the virtual datacenter level, for example, ESXi + NSX (gateway, ECMP, NAT), Amazon, Azure, and vCloud. For example, users can synchronize public IP addresses in Amazon and users can synchronize external networks in vCloud.
Current network privileges such as Manage virtual network elements, Manage public IPs, and Manage floating IPs will still apply. The privilege to Manage network elements is still used for private cloud infrastructure.
VDC external and public network privileges
The new virtual datacenter network privileges are assigned to all roles by default.
GUI label | Application tag | Privilege | Cloud Admin | Ent Admin | User | Ent Viewer | Outbound API |
---|---|---|---|---|---|---|---|
Access public network tab | VDC_VIEW_PUBLIC_NETWORK | This privilege gives the user access to public network resources in virtual infrastructure | X | X | X | X | X |
Manage public network elements | VDC_MANAGE_PUBLIC_NETWORK | This privilege allows a user to manage public network resources in virtual infrastructure | X | X | X | X | X |
Access external network tab | VDC_VIEW_EXTERNAL_NETWORK | This privilege gives the user access to external network resources in virtual infrastructure | X | X | X | X | X |
Manage external network elements | VDC_MANAGE_EXTERNAL_NETWORK | This privilege allows a user to manage external network resources in virtual infrastructure | X | X | X | X | X |
The main privilege to work with networks in virtual datacenters is still Manage virtual network elements, which by default is assigned to the ENTERPRISE_ADMIN_ROLE but not the USER role. This means that the default cloud user can view but not manage external and public networks, even if they have the network management privileges.
The platform does not display external or public networks to a user with Manage virtual network elements but without the privileges to access or manage external or public networks.
VM external and public network privileges
By default, in a VM, all users can display and assign IPs from all networks to VMs. To stop users managing IPs from specific networks, remove the network privileges.
GUI label | Application tag | Privilege | Cloud Admin | Ent Admin | User | Ent Viewer | Outbound API |
---|---|---|---|---|---|---|---|
Assign public IPs to VMs | VM_ASSIGN_PUBLIC_IP | This privilege allows a user to assign public IPs to VMs | X | X | X | X | X |
Assign external IPs to VMs | VM_ASSIGN_EXTERNAL_IP | This privilege allows a user to assign external IPs to VMs | X | X | X | X | X |
Remember that the default privileges for all roles also allow all users to purchase IPs from public networks. This can be done in the VM configuration on the Public tab.
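The privilege interaction described above can be checked against role definitions before tightening them. The following is an added example, not Abiquo code: the role contents are constructed, the `HARDENED_USER` and `NETWORK_ONLY` roles are hypothetical, and the tag for Manage virtual network elements is a placeholder because this page gives only its GUI label. View and manage are evaluated independently, since the page does not say how the platform treats a manage privilege without the matching access privilege.

```python
# Added example: constructed role data, not exported from an Abiquo platform.
# Placeholder tag: the page names "Manage virtual network elements" only by
# its GUI label, so the real application tag is not assumed here.
MAIN_NETWORK_PRIV = "PLACEHOLDER_MANAGE_VIRTUAL_NETWORK_ELEMENTS"
KINDS = ("PUBLIC", "EXTERNAL")
NEW_PRIVS = (
    {f"VDC_VIEW_{k}_NETWORK" for k in KINDS}
    | {f"VDC_MANAGE_{k}_NETWORK" for k in KINDS}
    | {f"VM_ASSIGN_{k}_IP" for k in KINDS}
)

ROLES = {
    # Defaults as described on the page: every role gets the new privileges,
    # but only the enterprise admin also holds the main network privilege.
    "ENTERPRISE_ADMIN": NEW_PRIVS | {MAIN_NETWORK_PRIV},
    "USER": set(NEW_PRIVS),
    # Hypothetical roles used to show the other two cases.
    "HARDENED_USER": {p for p in NEW_PRIVS if "PUBLIC" not in p},
    "NETWORK_ONLY": {MAIN_NETWORK_PRIV},
}


def effective_access(privs):
    """Map a role's privilege set to what it can do per network kind."""
    privs = set(privs)
    access = {}
    for kind in KINDS:
        access[kind.lower()] = {
            "view": f"VDC_VIEW_{kind}_NETWORK" in privs,
            # Managing needs the new privilege AND the main network privilege.
            "manage": f"VDC_MANAGE_{kind}_NETWORK" in privs
            and MAIN_NETWORK_PRIV in privs,
            "assign_ip": f"VM_ASSIGN_{kind}_IP" in privs,
        }
    return access


def leftover_access(roles, restricted_roles, kind):
    """List capabilities on `kind` still held by roles meant to be locked out."""
    findings = []
    for name in sorted(restricted_roles):
        caps = effective_access(roles[name])[kind]
        findings += [(name, cap) for cap, held in sorted(caps.items()) if held]
    return findings


if __name__ == "__main__":
    for name, privs in ROLES.items():
        print(name, effective_access(privs))
    print(leftover_access(ROLES, {"USER", "HARDENED_USER"}, "public"))
```

The default `USER` role is reported because it can still view public networks and assign public IPs to VMs, even though it cannot manage them.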
Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved