To access the various OpenvCloud portals, users need to be members of specific groups.
The Groups page lists all groups:
There are three main groups:
The user group, which restricts which users have access to the End User Portal
The admin group, which restricts which users have access to the Operator Portals
The ovs_storage group, which restricts which users have access to the Storage Portal
More details and all other groups are discussed below.
Clicking the Name of a group in the Groups table brings you to the Group Details page of that group:
Under Users, all users that are members of the group are listed.
By clicking the ID of a user you navigate to the User Details page of that user.
The Action drop-down menu allows you to edit group properties or delete the group.
Note that you can also select Add Group from the Action menu on the Group page, allowing you to create your own groups. Currently, however, you can't do much with this.
Within the End User Portal specific user rights are further defined by the end user authorization model, discussed here
The finance group is a legacy "sub" group of the user group. Membership of the finance group was required to access the Consumption page in the End User Portal; this page was, however, deprecated.
The Operator Portals include the At Your Service Portal, Cloud Broker Portal, Statistics Portal, Grid Portal and the System Portal.
Within the Operator Portals specific user rights are further defined by membership of one of the following "sub" groups:
Note that membership of the level1, level2 and level3 groups also requires explicit membership of the admin group.
The following Cloud Broker Portal actions require level1 group membership in addition to admin group membership:
Adding users to an account
Deleting users from an account
Create cloud spaces
Delete cloud spaces
Rename cloud spaces
Add users to a cloud space
Delete users from a cloud space
Delete Port Forwarding
Move virtual firewall to another node
Reset virtual firewall
Start virtual firewall
Stop virtual firewall
Remove virtual firewall
Deploy virtual firewall
Add extra IP address (not exposed in default UI)
Remove IP address (not exposed in default UI)
Set status (not exposed in default UI)
Check virtual machines
Sync available images to Cloud Broker
Sync available sizes to Cloud Broker
Set image availability
Create virtual machines
Create virtual machine on specific stack
Delete virtual machines
Start virtual machines
Stop virtual machines
Pause virtual machines
Resume virtual machines
Reboot virtual machines
Take snapshots of virtual machines
Rollback virtual machine to a snapshot
Delete snapshot of virtual machines
Clone virtual machines
Move virtual machine to another stack
Export virtual machines (not implemented)
Restore virtual machines
List exported virtual machines
Tag virtual machines
Untag virtual machines
List virtual machines
Check image chain of virtual machines
Stop virtual machines for abusive resource usage
Backup and destroy virtual machines
List snapshots of virtual machines
Get history of virtual machines
List port forwards of virtual machines
Create port forwards for virtual machines
Delete port forwards of virtual machines
Add disks to virtual machines
Delete disks from virtual machines
Create templates (images) of virtual machines
Update virtual machines
Attach virtual machines to public network
Detach virtual machines from public network
Update password of users
Send reset password links to users
The following Stack Details page actions require level2 group membership:
Put in Maintenance
Currently there is no functionality that requires level3 membership, so level3 membership will not yield any additional privileges to a user with admin group membership.
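The Operator Portal rules above can be checked against an exported list of group memberships. The following Python audit is an added example, not part of OpenvCloud or its documentation: the group names come from this page, while the function names, right labels and sample accounts are constructed. It assumes that the level groups are independent of each other and that a level group held without admin confers nothing.

```python
# Added example: group names are from the page; everything else is constructed.
SUBGROUPS = ("level1", "level2", "level3")

def operator_rights(groups):
    """Map a user's groups to the Operator Portal rights described on the page."""
    groups = set(groups)
    if "admin" not in groups:
        return set()  # level groups require explicit admin membership
    rights = {"operator_portals"}
    if "level1" in groups:
        rights.add("cloud_broker_actions")  # the level1 action list
    if "level2" in groups:
        rights.add("stack_maintenance")     # Put in Maintenance
    # level3 currently adds no privileges, so it maps to nothing
    return rights

def audit(users):
    """Return {user: [findings]} for memberships that are ineffective or stale."""
    report = {}
    for name, groups in sorted(users.items()):
        groups = set(groups)
        notes = []
        held = [g for g in SUBGROUPS if g in groups]
        if held and "admin" not in groups:
            notes.append("missing admin for " + ",".join(held))
        if "level3" in groups:
            notes.append("level3 grants nothing")
        if "finance" in groups:
            notes.append("legacy finance group")
        if notes:
            report[name] = notes
    return report

# Constructed sample accounts (hypothetical users).
SAMPLE_USERS = {
    "alice": ["user"],
    "bob": ["admin", "level1"],
    "carol": ["user", "level1", "level2"],
    "dave": ["admin", "level3", "finance"],
}

if __name__ == "__main__":
    for name, notes in audit(SAMPLE_USERS).items():
        print(name, "->", "; ".join(notes))
    for name, groups in sorted(SAMPLE_USERS.items()):
        print(name, sorted(operator_rights(groups)))
```

Findings such as "missing admin" point to memberships that look privileged in the Groups table but have no effect, which is worth cleaning up before the next access review.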
In order to have access to the Storage Portal, ovs_admin membership is required.