Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Documentation

Skip to end of metadata
Go to start of metadata

Introduction to resource scopes

On the Manage Scopes page we describe how a user scope or administration scope defines the list of resources (datacenters and enterprises) that a user can display and manage. Scopes complement the privileges assigned to a role, which define how the role can work with resources, for example, as a user or administrator. (So for example, this means that an administrator can deploy virtual machines in any of the datacenters that the user's enterprise is allowed use (Edit Enterprise, Allowed Datacenters), even if the user's role scope does not include these datacenters).

Abiquo also uses scopes to control resources, and in this case, the documentation will refer to them in general as resource scopes and specifically with the name of the resource they manage. For example, for virtual appliance specs, the spec scopes define a list of tenants whose users can access a shared spec, as well as the administrators who can manage it.

Pricing scope for pricing models

Abiquo controls access to pricing models with a simple scope, according to these rules:

  • When a user creates a pricing model, Abiquo automatically assigns the user's tenant scope. You cannot change this scope or display it in the UI
  • Abiquo only allows users with the same tenant scope (who can administer exactly the same customers) to manage the user's pricing models
  • All users with pricing privileges can view the pricing model assigned to their own tenant

Template scopes for virtual machine templates

Changes to template scopes in 3.10.2

The administrator can manage shared templates with scopes if they have the Manage users of all enterprises privilege. The administrator can save a template if their user scope is greater than or equal to the template scope. In Abiquo 3.10.2+, to display and manage template scopes, administrators do not need the Manage scopes privilege.


In previous versions of Abiquo, administrators could simply select the Shared template checkbox and the template would be available to all enterprises. In Abiquo 3.10+, administrators can use scopes for more precise control over access to shared templates. 

As in previous versions, to work with VM templates, administrators will require the appropriate Apps library privileges. To manage shared templates, administrators must also have the privilege to Manage users of all enterprises (within scope). The administrator's scope must be greater than or equal to the template's scope.

To delete shared templates, administrators must have the privilege to Manage users of all enterprises, and they must have the template's enterprise in their scope.


The cloud administrator can add one or more scopes to a template, including the global scope.The global scope means that users from all current and future enterprises can access this template.

Spec scopes for virtual appliance specs

To work with specs, administrators will require the appropriate Virtual appliance specs and Apps library privileges. To manage shared specs, administrators must also have the privilege to Manage users of all enterprises (within scope). To display and manage spec scopes, administrators must have the Manage scopes privilege. With Manage users of all enterprises but without Manage scopes, the administrator can only display the assigned scope. To delete shared specs, administrators must have the privilege to Manage users of all enterprises, and they must have the spec's enterprise in their scope. 

The cloud administrator can add one or more scopes to a spec, including the global scope. 

Resource scope example

This example applies to template and spec scopes.