Users, Groups and ACLs

vOneCloud offers a powerful mechanism for managing, grouping and assigning roles to users. Permissions and Access Control List mechanisms ensures the ability to allow or forbid access to any resource controlled by vOneCloud, being physical or virtual.

User & Roles

vOneCloud can manage different types of users, attending to the permissions they have over infrastructure and logical resources.

User Type Permissions View
Cloud Administrators enough privileges to perform any operation on any object vcenter
VDC Administrators manage a limited set of resources and users vdcadmin
VDC & End Users access a simplified view with limited actions to create new VMs cloud

Note

VDC is the acronym for Virtual Datacenter

../_images/sunstone_user_list.png

Learn more about user management here.

Group & VDC Management

A group in vOneCloud is an authorization boundary for users, but it can also be used to partition the cloud infrastructure and define what resources are available to each group.

A resource provider is a set of physical hosts and associated datastores and virtual networks, which is logically grouped into a cluster. When you assign a resource provider to a group, users in that group will be able to use resources of that cluster.

A group and an associated resource provider forms a Virtual Datacenter (VDC). VDCs are a great way to partition your cloud into smaller clouds, with their administrator and users, completely isolated from other VDCs.

../_images/sunstone_group_list.png

Read more about groups and VDCs.

Access Control Lists

vOneCloud implements a very useful ACL mechanism that enables fine-tuning of allowed operations for any user, or group of users. Each operation generates an authorization request that is checked against the registered set of ACL rules. There are predefined ACLs that implements default behaviors (like VDC isolation), but they can be altered by the cloud administrator.

../_images/sunstone_acl_list.png

Writing (or even reading) ACL rules is not trivial, more information about ACLs here.