Resource Access Control
Users who are not contract owners or administrators need access rights to view, use, or edit resources in a VDC. These access rights are assigned to groups and are inherited by group members.
Setting access rights and ownership
Users can access a resource with the following access rights:
Read: Users can see and use the resource, but they cannot modify it. Read access is automatically granted as soon as a user is assigned to a group that has this access right.
Edit: Users can modify and delete the resource.
Share: Users can share a resource, including their access rights, with the groups to which they belong.
A user who created a resource is the owner of that resource and can specify its access rights.
The owner is shown in the Security tab of a resource.
Setting restrictions using Two-Factor Authentication
In addition to enabling access to resource, for users of authorized groups only, data centers and snapshots can be protected even further by restricting access to users who have 2-factor authentication activated. Other users cannot see or select these resources - even if they belong to an authorized group.
Depending on their role, users can set access rights at the resource level and in the User Manager.
Setting access rights at the resource level
Prerequisites: Make sure that you have the appropriate permissions. Only contract owners, administrators, or users with access rights permission can share the required resource. Other user types have read-only access and cannot provision changes.
Select the required resource
Open the data center:
Images: Menu Bar > Resource Manager > Image Manager > Image.
Snapshots: Menu Bar > Resource Manager > Image Manager > Snapshot.
IP addresses: Menu Bar > Resource Manager > IP Manager.
Kubernetes Cluster: Menu Bar > Resource Manager > Kubernetes Manager.
3. Select the required resource
4. Open Security > Visible to Groups
5. Enable access:
From the + Add Group menu, select the required groups. Read access is granted. Users can see and use, but not modify the resource.
(Optional) Select further permissions (Edit, Share). You may only share permissions that you have yourself.
6. Restrict or disable access:
Select the required group
Deactivate the checkbox of the permission
Read access is retained.
Alternatively, you can click Remove Group. Access will be disabled for all members of the selected group.
Optional: To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box.
Setting access rights in the User Manager
Contract owners and administrators can also define in the User Manager who may access a resource to what extent.
Prerequisites: Make sure you have the appropriate permissions. Only contract owners and administrators can set the access rights.
Set the access rights in the User Manager
Go to Menu Bar > Management > Users & Groups. That is when the User Manager is displayed.
In the Resources, select the required resource.
Open the Visible to Groups.
Enable access
From the + Add Group list, add the required groups.
(Optional) To enable write access or sharing of a resource, activate the relevant check box.
5. Disable access: deactivate the checkbox of the permission or click Remove Group.
Optional: To protect the resource (data center, snapshots) more thoroughly by only allowing access to users whose login is secured with 2-factor authentication, activate the 2-Factor Protected check box.
Assigning resources to a group
In the Groups, select the required group.
Open the Resources of Group.
To enable access:
Select the required resource by clicking on + Grant Access. This enables read access to the selected resource.
(Optional) To enable write access or sharing of a resource, activate the respective check box.
4. To disable access:
Select the required resource.
Deactivate the check box of the appropriate permission or click on Revoke Access.
You can find more information about managing the Groups here.
Last updated