Introduction to user roles

Owned by MS (Unlicensed)
May 03, 2022
2 min read

Each user has a role to define how they can work with resources. 

User roles have groups of privileges to allow access to different cloud features.

  • Global roles are available to all enterprises, and display with "(Global)" after the name
  • Enterprise roles belong to a specific enterprise, and the platform displays them when you select an enterprise.


OpenID, AD, or LDAP groups

You can specify directory groups in user roles. The platform will automatically create users and assign the matching roles to them. 
See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration.


Generally, you will assign one role to a group of users. You can clone and modify default roles to create your own roles. The Privileges page lists all the privileges and marks those assigned to each default role. 

Default Role

Description

CLOUD_ADMIN

Manages the physical infrastructure and configurations in order to offer a cloud service. The default "admin" user has this role and unlimited global scope. You can create cloud administrators with lesser scopes that restrict them to certain enterprises and cloud locations. You cannot modify the privileges of this role. There must always be at least one user with this role and the global scope, but it does not have to be the default admin user.

ENTERPRISE_ADMIN

Manages configurations at enterprise level and grants access to other enterprise users. You can add privileges to allow the user to administer multiple enterprises, for example, as a reseller.

USER

Works with virtual appliances in their enterprise.

OUTBOUND_APIThe default privileges of this role allow the user to read all events. This user is for the module that stores events in the API and streams them for the outbound API.
ENTERPRISE_VIEWERAllows read-only access to the cloud platform. A user with this role can access a VDC and view VApps, VMs and VM details.

Privileges are generally independent, for example, when the user role does not have the "Access Infrastructure view" privilege, the Infrastructure icon will not display in the UI. However, with the "Manage datacenters" and "View datacenter details" privileges, the user can access this functionality through the API.

For information about creating a reseller, see Create a Reseller and Reseller Administrator User

Changes to privileges by version

See Changes to privileges

Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved