...

  • Root Admin Group
  • Domain Admin Group
  • End User Group

Account

An Account is simply the existing CloudStack Account; all permission control is done at the Account level. An Account can be assigned to more than one Group.

User

A CloudStack User only contains login credentials; permission control is not performed at this level.

Policy

A Policy is a set of permissions. A customer should be able to attach several policies to a Group to define the permissions for that group. By default, a resource owner should have all permissions on the resources he/she owns. Beyond that, the customer should be able to define extra allow/deny permissions in a policy to customize the permissions for the group. For cross-account permission grants, the following 3 types of granting are currently supported:

  • Grant by Domain and Resource Type: grant permissions to all resources of the given resource type under the given domain.
  • Grant by Account and Resource Type: grant permissions to all resources of the given resource type under the given account.
  • Grant by individual resource: grant permission to an individual resource.
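
The following sketch is an added example, not CloudStack code: it models Groups, Policies and the three grant types above and evaluates an access request. The class and function names, the sample accounts, domains and resources, the flat (non-hierarchical) domain match, and the rules that an explicit deny overrides an allow and that no matching permission means denial are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Resource:
    id: str
    type: str     # resource type, e.g. "VirtualMachine"
    account: str  # owning account
    domain: str   # domain of the owning account

@dataclass(frozen=True)
class Permission:
    action: str
    effect: str         # "allow" or "deny"
    scope: str          # "domain", "account" or "resource" (the three grant types)
    scope_id: str       # domain name, account name or resource id
    resource_type: str

    def matches(self, action, res):
        if action != self.action or res.type != self.resource_type:
            return False
        if self.scope == "resource":
            return res.id == self.scope_id
        # "domain" / "account" scopes compare against the resource's owner fields
        return getattr(res, self.scope) == self.scope_id

@dataclass
class Group:
    name: str
    accounts: set = field(default_factory=set)
    policies: list = field(default_factory=list)  # each policy is a list of Permission

def is_allowed(account, action, res, groups):
    if res.account == account:  # owner default: all permissions on owned resources
        return True
    effects = {p.effect
               for g in groups if account in g.accounts  # an account may be in many groups
               for policy in g.policies                  # a group may carry many policies
               for p in policy if p.matches(action, res)}
    # Assumption: explicit deny wins over allow; no matching permission means denied.
    return "allow" in effects and "deny" not in effects

# Constructed sample data
VM1 = Resource("vm-1", "VirtualMachine", "acctA", "domX")
VM2 = Resource("vm-2", "VirtualMachine", "acctA", "domX")
VM3 = Resource("vm-3", "VirtualMachine", "acctC", "domY")
GROUPS = [
    Group("ops", {"acctB"}, [[
        Permission("listVirtualMachines", "allow", "domain", "domX", "VirtualMachine"),
        Permission("startVirtualMachine", "allow", "account", "acctA", "VirtualMachine")]]),
    Group("restricted", {"acctB"}, [[
        Permission("startVirtualMachine", "deny", "resource", "vm-2", "VirtualMachine")]]),
]
```

Because group membership is the only path to a cross-account grant here, reviewing which Accounts sit in which Groups is the audit point for unexpected access.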