Control VDC default roles for enterprises in locations

Abiquo 4.6.3 introduced small changes to the Default role feature and the VDC roles feature.

When you allow an enterprise to work in a datacenter or public cloud region, you can set a default role to limit user access in this location. See Configure an enterprise in a cloud location | Set default user roles for virtual datacenters in a provider or location. And when you create a VDC, you can set a role to limit access to this VDC. See Manage virtual datacenters | Set a virtual datacenter role to limit user access.

Abiquo 4.6.3 introduced a new privilege for managing the default role and a minimum default role for creating VDCs. The Manage VDC default roles privilege will control access to the Default role tab when editing an allowed datacenter or public cloud region for a tenant. Without this privilege the tenant administrators will not be able to modify the default roles assigned by cloud administrators.

In Abiquo 4.7.1 the privilege name changed to Manage enterprise datacenter default roles.

The minimum default role will ensure that a user cannot create VDCs that they will not be able to work with. This is especially useful for cloud providers where VDCs always incur base costs even when they are not in use, for example, AWS charges for the Elastic IP of the NAT gateway. The platform will block users from creating VDCs if the default role will apply to the user and the default role is a Viewer role. This effectively means that if users will have very limited access, an administrator will need to create their VDCs.