Abiquo 4.7
A Scope is always a list of resources that the platform uses to allow access in some way. The resources are tenants (enterprises) or cloud locations (datacenters).
An example of a basic scope is the following NationalARegFG with two enterprises (RegionalAF and RegionalAG).
Each user has a scope. A user scope is a list of resources (enterprises and cloud locations) that the user can view and manage. Note that the user will usually also require other permissions to access these resources.
An administrator can manage the users of the enterprises that are in their scope.
For example, an administrator with the NationalARegFG scope can manage the users of the enterprises in the scope (RegionalAF and RegionalAG),.
A scope hierarchy is a tree of scopes with parent and child scope relationships.
The Abiquo UI displays a scope hierarchy as shown in the second column in the following screenshot.
To add a scope to a hierarchy, the administrator selects a parent scope. For example, the parent of the NationalARegFG scope is the NationalAandB scope.
The platform uses the scope hierarchy for two purposes: to enable administrators to share resources and for aggregate billing and reporting of multi-tenant organizations.
The administrator modifies the resource to share, such as a VM template, and assigns it one or more scopes.
Each scope is a list of enterprises. The platform allows all the users of the enterprises in the scope to access the resource.
So an administrator with the NationalAandB scope can select NationalARegFG to share resources.
In addition to VM templates, the administrator can share blueprints, which are called VApp Specs (which is short for Virtual Appliance Specifications).
The platform uses the scope hierarchy for aggregate billing and reporting for tenants that have their own hierarchy with multiple tenants.
To designate that an enterprise is the "headquarters" of a group of organizations that are underneath it in the hierarchy, the administrator creates or edits the enterprise and sets the "key node" flag.
The administrator can designate that an enterprise is a reseller, to enable this tenant to charge their customers for use of the platform.
The cloud administrator has the default global scope, which has access to all enterprise tenants and cloud locations.
A scope can have unlimited access to enterprise tenants and/or cloud locations. This means that it has access to ALL current and future resources.
For example, if a scope has access to all cloud locations ("All datacenters"), then new public cloud regions will automatically be added to it.