Resource Access Control

Users who are not contract owners or administrators need access rights to view, use, or edit resources in a VDC. These access rights are assigned to groups and are inherited by group members.

Setting access rights and ownership

Users can access a resource with the following access rights:

• Read: Users can see and use the resource, but they cannot modify it. Read access is automatically granted as soon as a user is assigned to a group that has this access right.

• Edit: Users can modify and delete the resource.

• Share: Users can share a resource, including their access rights, with the groups to which they belong.

A user who created a resource is the owner of that resource and can specify its access rights.

The owner is shown in the Security tab of a resource.

Setting restrictions using Two-Factor Authentication

In addition to enabling access to resource, for users of authorized groups only, data centers and snapshots can be protected even further by restricting access to users who have 2-factor authentication activated. Other users cannot see or select these resources - even if they belong to an authorized group.

Depending on their role, users can set access rights at the resource level and in the User Manager.

Setting access rights at the resource level

1. Select the required resource

2. Open the data center:

• Images: Menu Bar > Resource Manager > Image Manager > Image.

• Snapshots: Menu Bar > Resource Manager > Image Manager > Snapshot.

• IP addresses: Menu Bar > Resource Manager > IP Manager.

• Kubernetes Cluster: Menu Bar > Resource Manager > Kubernetes Manager.

3. Select the required resource

4. Open Security > Visible to Groups

5. Enable access:

• From the + Add Group menu, select the required groups. Read access is granted. Users can see and use, but not modify the resource.

• (Optional) Select further permissions (Edit, Share). You may only share permissions that you have yourself.

6. Restrict or disable access:

• Select the required group

• Deactivate the checkbox of the permission

Read access is retained.

Alternatively, you can click Remove Group. Access will be disabled for all members of the selected group.

Optional: To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box.

Setting access rights in the User Manager

Contract owners and administrators can also define in the User Manager who may access a resource to what extent.

Set the access rights in the User Manager

1. Go to Menu Bar > Management > Users & Groups. That is when the User Manager is displayed.

2. In the Resources, select the required resource.

3. Open the Visible to Groups.

4. Enable access

• From the + Add Group list, add the required groups.

• (Optional) To enable write access or sharing of a resource, activate the relevant check box.

5. Disable access: deactivate the checkbox of the permission or click Remove Group.

Optional: To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box.

Assigning resources to a group

1. In the Groups, select the required group.

2. Open the Resources of Group.

3. To enable access:

• Select the required resource by clicking on + Grant Access. This enables read access to the selected resource.

• (Optional) To enable write access or sharing of a resource, activate the respective check box.

4. To disable access:

• Select the required resource.

• Deactivate the check box of the appropriate permission or click on Revoke Access.

You can find more information about managing the Groups here.