Define user access to actions and resources

This page describes how to control user access to features, actions, and resources.

For information about how to control user access to the platform, such as how to block users or reset passwords, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/326598657

Define which actions a group of users can perform on the platform

Each user has a role with a group of privileges that allow access to different cloud features. To change user access to features, modify the user role and add or remove privileges. 

See https://abiquo.atlassian.net/wiki/spaces/doc/pages/311370787

Define which cloud locations users can deploy in

You can allow each tenant to access a set of cloud locations (including providers, public cloud regions, and datacenters). All the users of a tenant can deploy in the allowed locations.

See https://abiquo.atlassian.net/wiki/spaces/doc/pages/311377504

Define which resources an administrator can manage

Each user has a scope that includes a list of enterprises and locations.

Administrators with the appropriate privileges can manage the enterprises listed in their scope.

Tenant administrator privileges may include:

  • Allow user to switch enterprises

  • List enterprises within scope

  • Manage enterprises

  • Manage users of all enterprises

Administrators with the appropriate privileges can manage the cloud locations listed in their scope, assuming that their tenant also has access to these locations.

Restrict a user to a set of virtual datacenters

If the user does not have the No VDC restriction privilege, the user can have a VDC access list. This means that the user will only be able to access the VDCs on the list.

Create a read-only user

To create a read-only user, assign the ENTERPRISE_VIEWER role to the user. 

Restrict user activity in a specific virtual datacenter

To allow users to perform a limited set of actions in a specific virtual datacenter, assign a role to the virtual datacenter. Users will only be able to perform the actions of the virtual datacenter role. You can create exceptions for selected users. The virtual datacenter role cannot give users access to features that they do not already have. For example, you can create a virtual datacenter where the users have read-only access.

Allow users to outsource their VMs

Administrators can create restricted virtual appliances, which means that users cannot access the VMs without the appropriate privileges. However, the VMs are still running in the user's tenant, which enables you to bill the tenant for the virtual resources.

Require users to get approval for all VM launch, deploy, and reconfigure actions

You can create a workflow connector to use the Workflow feature to hold deploy actions (deploy, undeploy, reconfigure) until an external system approves the changes. 

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved