On the Manage Scopes page we describe how a user scope or administration scope defines the list of resources (datacenters and enterprises) that a user of a specific role can view and administer. Scopes complement the privileges assigned to a role, which define how the role can work with resources, for example, as a user or administrator. (So for example, this means that an administrator can deploy virtual machines in any of the datacenters that the user's enterprise is allowed use (Edit Enterprise, Allowed Datacenters), even if the user's role scope does not include these datacenters).
Abiquo also uses scopes in other ways to control different resources, and in this case, the documentation will refer to them in general as resource scopes and specifically with the name of the resource they manage. For example, for virtual appliance specs, spec scopes define a list of tenants whose users can access the spec, as well as the users who can administer it.
A virtual appliance spec can have zero or more scopes, which control access in addition to the required privileges:
The following diagram shows how a spec can have one or more scopes to determine which users can work with the spec.
Diagram: How role (administration) scopes and spec scopes work together
Remember that only administrators with all required privileges and unlimited global scope can manage all scopes for specs.
After you create a Resource scope with a list of tenants, you can allow the users of these tenants to use the resource by assigning the scope to the resource. See Manage Virtual Appliance Specs#Definetheuserswhocanworkwithaspec
Screenshot: Assign scopes to a spec. Users from the enterprises listed in the scopes can work with the spec.
Management of spec scopes with scope privileges: