Create read only users and virtual datacenters

Owned by MS (Unlicensed)
Feb 04, 2024
2 min read



Create a read only user for the whole platform

To create a read only user for the whole platform, assign the ENTERPRISE_VIEWER role to the user. This user will only be able to view the platform, they will not be able to create and deploy VMs and so on.

By default, the user should be able to display virtual datacenters, open virtual appliances, display VM configuration (including the Backup status tab) and VM states, and access VM monitoring.

Make a virtual datacenter read only

To make a virtual datacenter read only for standard users, assign the ENTERPRISE_VIEWER role to the virtual datacenter. This role will only apply to users that do not have the No VDC restriction privilege. So a user with an ENTERPRISE_ADMIN role would be able to deploy VMs as usual. 

The Roles tab in the virtual datacenter will only display if the user has the Manage roles privilege. By default, this privilege is only assigned to the CLOUD_ADMIN role.

 

Make a location’s virtual datacenters read only by default for an enterprise

To make a provider's virtual datacenters read only for an enterprise, edit the enterprise, and on the Datacenters tab, edit the location (region or datacenter). On the Defaults tab, for the VDC default role, select your viewer role. The platform will assign this role to all new virtual datacenters that you create in the region. An administrator may later change this role as required.  The Default roles tab will display when editing a location when the user has the Manage VDC default roles privilege. By default this privilege is only assigned to the CLOUD_ADMIN role.

Make a provider's virtual datacenters read only by default for an enterprise

To make a provider's virtual datacenters read only for an enterprise, edit the enterprise, and go to Datacenters. On the Allowed datacenters panel, edit the provider and go to Defaults. For the VDC default role, select the viewer role

The platform will copy this role to all regions in the provider. An administrator may later change this role as required at the location or VDC level.

Customizing enterprise viewer privileges

Here are some notes about how the privileges work for the ENTERPRISE_VIEWER role.

  • The Access virtual datacenters view privilege (VDC_ENUMERATE) lets the user list and open virtual appliances

  • The Edit virtual appliance details privilege, lets the user make changes to virtual appliances, open the VM edit view, and in combination with other privileges, lets the user :

    • The Edit virtual machine details privilege (VM_EDIT_CPU_RAM) lets the user modify the VM CPU and RAM

    • The Access resource tags tabs and resource tags management view privilege (TAGS_VIEW) lets the user modify VM tags

    • The Access metrics privilege (USERS_SHOW_METRICS) lets the user display metrics for the VM, and the Manage virtual machine metrics privilege (USERS_ENABLE_DISABLE_VM_METRICS) lets the user activate VM metrics by selecting Fetch metrics

    • Move the VM to another VApp

  • The default viewer role does not have the Edit virtual appliance details privilege (VAPP_CUSTOMISE_SETTINGS)

  • The Display enterprise statistics privilege (ENTERPRISE_RESOURCE_SUMMARY_ENT) lets a default viewer user list VMs in their enterprise

  • By default, the viewer role has the privileges to use all XaaS services

 

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved