On the Manage Scopes page we describe how a user scope or administration scope defines the list of resources (datacenters and enterprises) that a user can display and manage. Scopes complement the privileges assigned to a role, which define how the role can work with resources, for example, as a user or administrator. (So for example, this means that an administrator can deploy virtual machines in any of the datacenters that the user's enterprise is allowed use (Edit Enterprise, Allowed Datacenters), even if the user's role scope does not include these datacenters).
Abiquo also uses scopes to control resources, and in this case, the documentation will refer to them in general as resource scopes and specifically with the name of the resource they manage. For example, for virtual appliance specs, the spec scopes define a list of tenants whose users can access a shared spec, as well as the administrators who can manage it.
Abiquo controls access to pricing models with a simple scope, according to these rules:
Changes to template scopes in 3.10.2
The administrator can manage shared templates with scopes if they have the Manage users of all enterprises privilege. The administrator can save a template if their user scope is greater than or equal to the template scope. In Abiquo 3.10.2+, to display and manage template scopes, administrators do not need the Manage scopes privilege.
In previous versions of Abiquo, administrators could simply select the Shared template checkbox and the template would be available to all enterprises. In Abiquo 3.10+, administrators can use scopes for more precise control over access to shared templates.
As in previous versions, to work with VM templates, administrators will require the appropriate Apps library privileges. To manage shared templates, administrators must also have the privilege to Manage users of all enterprises (within scope). The administrator's scope must be greater than or equal to the template's scope.
To delete shared templates, administrators must have the privilege to Manage users of all enterprises, and they must have the template's enterprise in their scope.
The cloud administrator can add one or more scopes to a template, including the global scope.The global scope means that users from all current and future enterprises can access this template.
To work with specs, administrators will require the appropriate Virtual appliance specs and Apps library privileges. To manage shared specs, administrators must also have the privilege to Manage users of all enterprises (within scope). To display and manage spec scopes, administrators must have the Manage scopes privilege. With Manage users of all enterprises but without Manage scopes, the administrator can only display the assigned scope. To delete shared specs, administrators must have the privilege to Manage users of all enterprises, and they must have the spec's enterprise in their scope.
The cloud administrator can add one or more scopes to a spec, including the global scope.
This example applies to template and spec scopes.