A resource scope is a scope that is assigned to a resource, such as a VM template or a VApp spec, and it controls resource sharing. Resources can usually have multiple scopes that work in conjunction with other access controls. For example, for administrators these are user role privileges, enterprise allowed datacenters, and user scope.
The administrator assigns the scopes to the resource itself and Abiquo gets the list of enterprises in the scopes and allows the users of those enterprises to access the resource. If the scopes are part of a hierarchy, then an administrator can share resources by selecting child scopes that are beneath their scope in the hierarchy.
For example, for virtual machine templates, the template scopes define a list of tenants whose users can access a shared template.
Abiquo controls access to pricing models with a simple resource scope, according to these rules:
The administrator can use scopes to share VM templates and VApp specs.
Changes to scopes in 4.0
The administrator can manage shared templates and specs with scopes if they have the Allow user to switch enterprises privilege and administrator access to the resource in the enterprise that owns it. The administrator can share a template or spec with their own scope, other available scopes, or a child scope in their hierarchy.
The administrator can edit a template and add one or more available scopes including the global scope.The global scope means that users from all current and future enterprises can access this template.
When creating or editing a spec, the administrator can add one or more available scopes.
This example applies to template and spec scopes.