Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Abiquo 2.6


Skip to end of metadata
Go to start of metadata

This section lists the privileges set in Abiquo and describes their function in the application. It also shows the privileges assigned to the default roles: CLOUD_ADMIN, ENTERPRISE_ADMIN and USER. No user can delete the default CLOUD_ADMIN role or change the role's permissions. There must always be at least one user with this role.

New Privilege in Abiquo v2.6.5

  1.  Manage virtual machine backup disks

New Privileges in Abiquo v2.6

  1. Manage datacenter backup configuration
  2. Manage workflow tasks
  3. Manage virtual machine backup configuration
  4. Manage virtual machine backup schedule
  5. Delete unkown virtual machines
  6. Display datacenter capacity and free space

Changes to Privileges in Abiquo 2.6

The privilege "Add a cost code when editing a VM template" has been moved from the Pricing section to the Apps Library section

Create Outbound API User

The privileges for the M outbound API role are marked in the Outbound API column. You can create a role with these privileges and assign it to a user that will connect to Abiquo, read all events and stream them and store them in the Abiquo database. Add the user credentials to the abiquo.properties file.

The M user requires the Manage users of all enterprises permission, so it can see users from other enterprises. However, without the Manage users privileges, it cannot modify other users accounts. To test this, log in with the M user, and you will see all users listed, but you will not be able to modify the accounts.

 

 

Key to Info Column of Privileges Table

(star) = new privilege
(warning) = changed privilege
(minus) = deprecated privilege 

Privileges Table
Home Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

List enterprises within scope

ENTERPRISE_ENUMERATE

This privilege allows a user to view the list of enterprises within scope and to view statistics for those enterprises

X

    

Allow user to switch enterprise

ENTERPRISE_ADMINISTER_ALL

This privilege allows a user to change to another enterprise, in order to administer it, by clicking the Impersonate icon in the Enterprises list

X

  X 

Display enterprise statistics

ENTERPRISE_RESOURCE_SUMMARY_ENT

This privilege allows a user to filter statistics by enterprise to display the resources used by an enterprise in the enterprise resources panel

X

X

 X 

Display enterprise limits in statistics

ENTERPRISE_SHOW_STATS_LIMITS

This privilege allows a user to view enterprise limits in addition to resources used in the enterprise resources panel if the user has the Display enterprise statistics privilege

X

X

X

  
Infrastructure Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API 

Info

Access Infrastructure view

PHYS_DC_ENUMERATE

This privilege allows a user to access the Infrastructure view and list the physical datacenters

X

  X 

Display resource usage panel

PHYS_DC_RETRIEVE_RESOURCE_USAGE

This privilege allows a user to view the resource usage panel in the Infrastructure view

X

  X 

Manage datacenter

PHYS_DC_MANAGE

This privilege allows a user to manage datacenters (add, edit and delete). Without it, the datacenter's properties will be read only

X

  X 

View datacenter details

PHYS_DC_RETRIEVE_DETAILS

This privilege allows a user to go inside a datacenter and view its details (racks, physical machines, VLANs, storage and allocation rules)

X

  X 

Manage infrastructure elements

PHYS_DC_ALLOW_MODIFY_SERVERS

This privilege allows a user to manage infrastructure elements (add, edit and delete racks and physical machines)

X

  X 

Manage network elements

PHYS_DC_ALLOW_MODIFY_NETWORK

This privilege allows a user to manage network elements (add, edit and delete public VLANs)

X

    

Manage storage elements

PHYS_DC_ALLOW_MODIFY_STORAGE

This privilege allows a user to manage storage elements (add, edit and delete storage devices, pools, tiers and volumes)

X

    

Manage allocation rules

PHYS_DC_ALLOW_MODIFY_ALLOCATION

This privilege allows a user to manage allocation rules (add and delete rules)

X

    

Manage datacenter backup configuration

PHYS_DC_ALLOW_BACKUP_CONFIG

This privilege allows a user to manage backup configuration at datacenter level

X

  X(star)
Virtual Datacenters Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Access Virtual Datacenters view

VDC_ENUMERATE

This privilege allows a user to access the Virtual Datacenters view

X

X

X

X 

Manage virtual datacenters

VDC_MANAGE

This privilege allows a user to manage Virtual Datacenters (add, edit and delete). Without it, the Virtual Datacenters' details are read only

X

X

 X 

Manage virtual appliances

VDC_MANAGE_VAPP

This privilege allows a user to manage virtual appliances (add, edit and delete)

X

X

X

X 

Manage virtual network elements

VDC_MANAGE_NETWORK

This privilege allows a user to manage private and public VLANS (add, edit and delete)

X

X

   

Manage virtual storage elements

VDC_MANAGE_STORAGE

This privilege allows a user to manage storage volumes (add, edit and delete)

X

X

   
Virtual Appliances Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Edit virtual appliance details

VAPP_CUSTOMISE_SETTINGS

This privilege allows a user to edit virtual appliance details (name, CPUs, etc.), go inside virtual appliances and view their details

X

X

X

X 

Deploy and undeploy virtual appliances

VAPP_DEPLOY_UNDEPLOY

This privilege allows a user to deploy/undeploy virtual appliances

X

X

X

X 

Manage virtual machine hard disks

MANAGE_HARD_DISKS

This privilege allows a user to access the virtual machine hard disk tab and manage hard disks (add and delete)

X

    

Perform virtual machine actions

VAPP_PERFORM_ACTIONS

This privilege allows a user to perform virtual machine actions (power on/off, pause, reboot, remote access)

X

X

X

X 

Manage persistent templates

VAPP_CREATE_STATEFUL

This privilege allows a user to manage persistent virtual machine templates (create in vApp; create, edit and delete in virtual datacenter)

X

X

X

X 

Create instance

VAPP_CREATE_INSTANCE

This privilege allows a user to create instance templates of a virtual machine within a virtual appliance

X

X

X

  

Manage layers

VAPP_MANAGE_LAYERS

This privilege allows a user to manage anti-affinity layers in virtual appliances (create, edit and delete layers)

X

X

X

  

Manage workflow tasks

WORKFLOW_OVERRIDE

This privilege allows a user to start or cancel queued tasks if workflow is enabled

X

X

  (star)

Manage virtual machine backup configuration

VAPP_MANAGE_BACKUP

This privilege allows a user to access the backup configuration at virtual machine level and set the backup type and contents

X

   (star)

Manage virtual machine backup schedule

VAPP_DEFINE_BACKUP_INFO

This privilege allows a user to specify an additional option for backup configuration by setting backup dates and times

X

   (star)
Manage virtual machine backup disksVAPP_MANAGE_BACKUP_DISKSThis privilege allows a user to specify disks and disk backup types (snapshot and complete)XX  (star) (star)

Delete unkown virtual machines

VAPP_DELETE_UNKNOWN_VM

This privilege allows a user to delete virtual machines in unknown state

X

   (star)
Apps Library Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Access Appliance Library view

APPLIB_VIEW

This privilege allows a user to access the Appliance Library view

X

X

 X 

Manage VM templates from Appliance Library

APPLIB_ALLOW_MODIFY

This privilege allows a user to view the Appliance Library contents, modify virtual machine templates (download from remote repositories, edit and delete) and promote instances

X

X

 X 

Add a cost code when editing a VM template

APPLIB_VM_COST_CODE

This privilege allows a user to select a cost code when editing a virtual machine template

X

   (warning)

Upload virtual machine template

APPLIB_UPLOAD_IMAGE

This privilege allows a user to upload virtual machine templates from a local file into the Appliance Library

X

X

 X 

Manage repository

APPLIB_MANAGE_REPOSITORY

This privilege allows a user to manage repositories (add and delete repositories)

X

X

   

Download virtual machine template

APPLIB_DOWNLOAD_IMAGE

This privilege allows a user to download virtual machine templates from the Appliance Library to their hard disk

X

X

 X 

Manage VM template categories

APPLIB_MANAGE_CATEGORIES

This privilege allows a user to manage categories of virtual machine templates that belong to their enterprise (add and delete)

X

X

   

Manage VM template global categories

APPLIB_MANAGE_GLOBAL_CATEGORIES

This privilege allows a user to manage categories of virtual machine templates that are common and available to all enterprises (add and delete) Global categories are also called system categories.

X

    

Display datacenter capacity and free space

APPLIB_SHOW_DC_CAPACITY

This privilege allows a user to view the capacity and remaining space of a datacenter

X

   (star)
Users Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Access Users view

USERS_VIEW

This privilege allows a user to access the Users view

X

X

 X 

Manage enterprises

USERS_MANAGE_ENTERPRISE

This privilege allows a user to manage enterprises (add, edit and delete)

X

  X 

Manage enterprise reserved servers

USERS_MANAGE_RESERVED_MACHINES

This privilege allows a user to manage reserved servers at enterprise level

X

  X 

Modify enterprise theme

USERS_MANAGE_ENTERPRISE_BRANDING

This privilege allows a user to manage enterprise branding (select a specific theme for an enterprise) This privilege is only visible after branding is enabled. By default it is assigned to the CLOUD_ADMIN role.

X

    

Manage users

USERS_MANAGE_USERS

This privilege allows a user to manage users (add, edit and delete)

X

X

 X 

Manage users of all enterprises

USERS_MANAGE_OTHER_ENTERPRISES

This privilege allows a user to manage users of more than one enterprise and move users between enterprises. Without it, the Enterprise list is not shown in Users view

X

  X 

Manage Chef enterprises

USERS_MANAGE_CHEF_ENTERPRISE

This privilege allows a user to enable and manage Chef for enterprises

X

    

No VDC restriction

USERS_PROHIBIT_VDC_RESTRICTION

Normally a user within an enterprise can have a list of VDCs assigned and these will be the only VDCs that they will be able to see. Setting this privilege exempts a user from having their VDC list restricted and they will be able to see all VDCs in their enterprise

X

X

   

Access Roles screen

USERS_VIEW_PRIVILEGES

This privilege allows a user to access the Roles screen

X

    

Manage roles

USERS_MANAGE_ROLES

This privilege allows a user to manage roles (add, edit and delete roles; modify privileges assigned to roles; assign scopes to roles)

X

    

Associate role with enterprise

USERS_MANAGE_ROLES_OTHER_ENTERPRISES

This privilege allows a user to associate a role with any enterprise

X

    

Manage global role

USERS_MANAGE_SYSTEM_ROLES

This privilege allows a user to manage roles that are common and available to all enterprises, rather than being constrained to a single enterprise. Global roles are also called system roles.

X

    

Specify LDAP group

USERS_MANAGE_LDAP_GROUP

This privilege allows a user to associate a role with an LDAP group. When LDAP authentication is activated, a user's role will be determined by the LDAP group that they are a member of

X

    

Display connected users

USERS_ENUMERATE_CONNECTED

This privilege allows a user to display connected users

X

    

Define enterprise manager

USERS_DEFINE_AS_MANAGER

This privilege defines a user as an enterprise manager. Enterprise managers receive physical machine notification emails

X

X

   

Manage scopes

USERS_MANAGE_SCOPES

This privilege allows a user to manage scopes (add, edit and delete scopes)

X

    
System Configuration Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Access Configuration view

SYSCONFIG_VIEW

This privilege allows a user to access the Configuration view

X

  X 

Modify configuration data

SYSCONFIG_ALLOW_MODIFY

This privilege allows a user to edit all system-wide configuration settings

X

    

Allow access to reports

SYSCONFIG_SHOW_REPORTS

This privilege allows a user to access external reports by clicking the Reports icon. The icon will only be visible if the "Reports URL" system property is not empty (Configuration -> System Properties -> General -> Reports URL)

X

    
Events Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Display all events for current enterprise

EVENTLOG_VIEW_ENTERPRISE

This privilege allows a user to display all events related to the current enterprise

X

X

X

  

Display all events

EVENTLOG_VIEW_ALL

This privilege allows a user to display all events

X

    
Pricing Privileges       

GUI Label _________________

Application Tag

Privilege____________________________________

Cloud Admin

Ent Admin

Ent User

Outbound API

Info

Access Pricing view

PRICING_VIEW

This privilege allows a user to access the Pricing view

X

  X 

Manage pricing

PRICING_MANAGE

This privilege allows a user to manage pricing components (add, edit and delete currencies, pricing models and cost codes)

X