Create read only users and virtual datacenters
Create a read only user for the whole platform
To create a read only user for the whole platform, assign the ENTERPRISE_VIEWER
role to the user. This user will only be able to view the platform, they will not be able to create and deploy VMs and so on.
By default, the user should be able to display virtual datacenters, open virtual appliances, display VM configuration (including the Backup status tab) and VM states, and access VM monitoring.
Make a virtual datacenter read only
To make a virtual datacenter read only for standard users, assign the ENTERPRISE_VIEWER
role to the virtual datacenter. This role will only apply to users that do not have the No VDC restriction
privilege. So a user with an ENTERPRISE_ADMIN
role would be able to deploy VMs as usual.Â
The Roles tab in the virtual datacenter will only display if the user has the Manage roles
privilege. By default, this privilege is only assigned to the CLOUD_ADMIN
role.
Â
Make a location’s virtual datacenters read only by default for an enterprise
To make a provider's virtual datacenters read only for an enterprise, edit the enterprise, and on the Datacenters tab, edit the location (region or datacenter). On the Defaults tab, for the VDC default role, select your viewer role. The platform will assign this role to all new virtual datacenters that you create in the region. An administrator may later change this role as required.  The Default roles tab will display when editing a location when the user has the Manage VDC default roles
privilege. By default this privilege is only assigned to the CLOUD_ADMIN
role.
Make a provider's virtual datacenters read only by default for an enterprise
To make a provider's virtual datacenters read only for an enterprise, edit the enterprise, and go to Datacenters. On the Allowed datacenters panel, edit the provider and go to Defaults. For the VDC default role, select the viewer role
The platform will copy this role to all regions in the provider. An administrator may later change this role as required at the location or VDC level.
Customizing enterprise viewer privileges
Here are some notes about how the privileges work for the ENTERPRISE_VIEWER
role.
The
Access virtual datacenters view
privilege (VDC_ENUMERATE
) lets the user list and open virtual appliancesThe
Edit virtual appliance details
privilege, lets the user make changes to virtual appliances, open the VM edit view, and in combination with other privileges, lets the user :The
Edit virtual machine details
privilege (VM_EDIT_CPU_RAM
) lets the user modify the VM CPU and RAMThe
Access resource tags tabs and resource tags management view
privilege (TAGS_VIEW
) lets the user modify VM tagsThe
Access metrics
privilege (USERS_SHOW_METRICS
) lets the user display metrics for the VM, and theManage virtual machine metrics
privilege (USERS_ENABLE_DISABLE_VM_METRICS
) lets the user activate VM metrics by selecting Fetch metricsMove the VM to another VApp
The default viewer role does not have the
Edit virtual appliance details
privilege (VAPP_CUSTOMISE_SETTINGS
)The
Display enterprise statistics
privilege (ENTERPRISE_RESOURCE_SUMMARY_ENT
) lets a default viewer user list VMs in their enterpriseBy default, the viewer role has the privileges to use all XaaS services
Â
Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved