2. Identity And Access Management
User access rights are defined on three levels:
- Account level
- Cloudspace level
- VM level
Types of user privileges:
- Read (R)
- Write (W)
- Admin (A)
Privileges are inherited downward. A user with certain privileges on an Account has the same access rights on all Cloudspaces within that Account, and a user with certain privileges on a Cloudspace has the same access rights on all VMs in that Cloudspace.
Account level
Action | R | W | A |
---|---|---|---|
Create/Delete Accounts | - | - | + |
Enable/Disable Accounts | - | - | + |
Create/Delete Cloudspaces | - | - | + |
Grant/revoke user privileges * | - | - | + |
Update Account capacity parameters | - | - | + |
Update Cloudspace capacity parameters | - | - | + |
Create/Delete Images | - | - | + |
* User privileges on the Account level
Cloudspace level
Action | R | W | A |
---|---|---|---|
Create/Delete VMs | - | + | + |
Grant/revoke user privileges * | - | - | + |
Move VM to another Cloudspace | - | - | + |
* User privileges on the Cloudspace level
VM level
Action | R | W | A |
---|---|---|---|
Create VM Disks | - | + | + |
Detach Disks from VMs | - | + | + |
Take snapshot | - | + | + |
Grant/revoke user privileges * | - | - | + |
Start/Stop VM | - | + | + |
* User privileges on the VM level
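The three matrices and the inheritance rule can be combined into one deny-by-default check. The sketch below is an added example, not the platform's own code, and also includes an audit helper that shows which grant, direct or inherited, gives a user access. Assumptions: resources are addressed by a hypothetical `account/cloudspace/vm` path, grants are held in a plain dictionary, inheritance chains from Account through Cloudspace to VM, and the names `is_allowed`, `who_can` and `scope_chain` are illustrative.

```python
ADMIN_ONLY, WRITE_UP = frozenset("A"), frozenset("WA")
LEVELS = ("account", "cloudspace", "vm")

# (level, action) -> privileges marked "+" in the tables above.
MATRIX = {
    ("account", "Create/Delete Accounts"): ADMIN_ONLY,
    ("account", "Enable/Disable Accounts"): ADMIN_ONLY,
    ("account", "Create/Delete Cloudspaces"): ADMIN_ONLY,
    ("account", "Grant/revoke user privileges"): ADMIN_ONLY,
    ("account", "Update Account capacity parameters"): ADMIN_ONLY,
    ("account", "Update Cloudspace capacity parameters"): ADMIN_ONLY,
    ("account", "Create/Delete Images"): ADMIN_ONLY,
    ("cloudspace", "Create/Delete VMs"): WRITE_UP,
    ("cloudspace", "Grant/revoke user privileges"): ADMIN_ONLY,
    ("cloudspace", "Move VM to another Cloudspace"): ADMIN_ONLY,
    ("vm", "Create VM Disks"): WRITE_UP,
    ("vm", "Detach Disks from VMs"): WRITE_UP,
    ("vm", "Take snapshot"): WRITE_UP,
    ("vm", "Grant/revoke user privileges"): ADMIN_ONLY,
    ("vm", "Start/Stop VM"): WRITE_UP,
}

# Constructed sample grants: (user, resource path) -> privilege.
SAMPLE_GRANTS = {
    ("alice", "acct1"): "A",
    ("bob", "acct1/cs1"): "W",
    ("carol", "acct1/cs1/vm1"): "R",
    ("dave", "acct1/cs2"): "A",
}

def scope_chain(resource):
    """Resource and its ancestors: 'a/c/v' -> ['a/c/v', 'a/c', 'a']."""
    parts = resource.split("/")
    return ["/".join(parts[:i]) for i in range(len(parts), 0, -1)]

def is_allowed(grants, user, action, resource):
    """Deny by default; allow if any direct or inherited grant has a '+'."""
    parts = resource.split("/")
    if not 1 <= len(parts) <= 3 or "" in parts:
        return False
    # Unknown action, or action not defined at this level -> empty set -> deny.
    allowed = MATRIX.get((LEVELS[len(parts) - 1], action), frozenset())
    return any(grants.get((user, s)) in allowed for s in scope_chain(resource))

def who_can(grants, action, resource):
    """Audit view: sorted (user, scope whose grant gives the access)."""
    chain = scope_chain(resource)
    return sorted((u, s) for (u, s), p in grants.items()
                  if s in chain and is_allowed({(u, s): p}, u, action, resource))
```

Running `who_can` per VM over an export of grants surfaces access that comes from an Account or Cloudspace grant rather than from the VM itself, which is where unintended privilege usually hides.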