Groups
In order for users to have access to the various OpenvCloud portals, they need to be members of specific groups.
The Groups page lists all groups:
There are three main groups:
- The user group for restricting which users have access to the End User Portal
- The admin group for restricting which users have access to the Operator Portals
- The ovs_storage group for restricting which users have access to the Storage Portal
More details and all other groups are discussed below.
Clicking the Name of a group in the Groups table brings you to the Group Details page of that group:
Under Users, all users that are members of the group are listed.
By clicking the ID of a group you navigate to the User Details page of that user.
The Action drop down menu allows you to edit group properties or delete the group.
Note that you can also select Add Group from the Action menu on the Groups page, allowing you to create your own groups. Currently, however, you can't do much with this.
End User Portal
Within the End User Portal, specific user rights are further defined by the end user authorization model, discussed here.
The finance group is a legacy "sub" group of the user group. Membership of the finance group was required to access the Consumption page in the End User Portal; however, this page has been deprecated.
Operator Portals
The Operator Portals include the At Your Service Portal, Cloud Broker Portal, Statistics Portal, Grid Portal and the System Portal.
Within the Operator Portals specific user rights are further defined by membership of one of the following "sub" groups:
Note that membership of the level1, level2 and level3 groups also requires explicit membership of the admin group.
The following Cloud Broker Portal actions require level1 group membership in addition to admin group membership:
Accounts |
---|
Disabling accounts |
Creating accounts |
Enabling accounts |
Renaming accounts |
Deleting accounts |
Adding users to an account |
Deleting users from an account |
Cloud Spaces |
---|
Create cloud spaces |
Delete cloud spaces |
Rename cloud spaces |
Add users to a cloud space |
Delete users from a cloud space |
Delete Port Forwarding |
Private Networks |
---|
Move virtual firewall to another node |
Reset virtual firewall |
Start virtual firewall |
Stop virtual firewall |
Remove virtual firewall |
Deploy virtual firewall |
Add extra IP address (not exposed in default UI) |
Remove IP address (not exposed in default UI) |
Locations |
---|
Set status (not exposed in default UI) |
Purge logs |
Check virtual machines |
Sync available images to Cloud Broker |
Sync available sizes to Cloud Broker |
Images |
---|
Delete images |
Enable images |
Disable images |
Set image availability |
Virtual Machines |
---|
Create virtual machines |
Create virtual machine on specific stack |
Delete virtual machines |
Start virtual machines |
Stop virtual machines |
Pause virtual machines |
Resume virtual machines |
Reboot virtual machines |
Take snapshots of virtual machines |
Rollback virtual machine to a snapshot |
Delete snapshot of virtual machines |
Clone virtual machines |
Move virtual machine to another stack |
Export virtual machines (not implemented) |
Restore virtual machines |
List exported virtual machines |
Tag virtual machines |
Untag virtual machines |
List virtual machines |
Check image chain of virtual machines |
Stop virtual machines for abusive resource usage |
Backup and destroy virtual machines |
List snapshots of virtual machines |
Get history of virtual machines |
List port forwards of virtual machines |
Create port forwards for virtual machines |
Delete port forwards for virtual machines |
Add disks to virtual machines |
Delete disks from virtual machines |
Create templates (images) of virtual machines |
Update virtual machines |
Attach virtual machines to public network |
Detach virtual machines from public network |
User |
---|
Update password of users |
Create users |
Send reset password links to users |
Delete users |
The following Stack Details page actions require level2 group membership:
- Enable
- Put in Maintenance
- Decommission
Currently there is no functionality that requires level3 membership, so level3 membership will not yield any additional privileges to a user with admin group membership.
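The membership rules above, written as an access-review check. This is an added example, not OpenvCloud code: the group names come from this page, while the function names and the sample user-to-group mapping are constructed for illustration, and it covers only the End User and Operator Portal groups.

```python
# Added example: access review over group memberships (not OpenvCloud code).
# Group names come from the page; the input mapping is constructed sample data.
LEVEL_GROUPS = ("level1", "level2", "level3")


def effective_access(groups):
    """Return the portal rights a set of group names actually grants."""
    groups = set(groups)
    is_admin = "admin" in groups
    return {
        "end_user_portal": "user" in groups,
        "operator_portals": is_admin,
        # level1/level2 only count together with explicit admin membership
        "cloud_broker_actions": is_admin and "level1" in groups,
        "stack_actions": is_admin and "level2" in groups,
    }


def review(memberships):
    """Return sorted (user, finding) pairs for memberships worth a second look."""
    findings = []
    for user, groups in memberships.items():
        groups = set(groups)
        levels = [g for g in LEVEL_GROUPS if g in groups]
        if levels and "admin" not in groups:
            findings.append((user, "no admin membership, so %s has no effect" % ", ".join(levels)))
        if "level3" in groups and "admin" in groups:
            findings.append((user, "level3 adds no privileges"))
        if "finance" in groups:
            findings.append((user, "finance is a legacy group"))
        if not any(effective_access(groups).values()):
            findings.append((user, "no End User or Operator Portal access"))
    return sorted(findings)


# Constructed sample data: user name -> group names
SAMPLE = {
    "alice": ["user"],
    "bob": ["admin", "level1", "level2"],
    "carol": ["level1"],
    "dave": ["admin", "level3"],
    "erin": ["user", "finance"],
}

if __name__ == "__main__":
    for name, groups in SAMPLE.items():
        print(name, effective_access(groups))
    for user, finding in review(SAMPLE):
        print("REVIEW", user + ":", finding)
```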
Storage Portal
In order to have access to the Storage Portal, ovs_admin membership is required.