A domain can have multiple Accounts. Each Account can have multiple users. Ownership of resources is tied to an
account. Users are mere synonyms for accessing the account resources just like in a bank joint account, different users have visibility to the bank account. They just have different usernames and passwords but ultimately they use the same bank account funds. Play with creating accounts and users in CS UI and you will understand it better.
More details.
- A user can belong to only one Account, .ie. the same User cannot belong to multiple Accounts.
- Whenever creating an account at any domain level it can be of two types - Admin or user. If account == Admin then he will be domain admin of that domain and if created with type=user he will be a regular account under that domain.
- An admin created at ROOT level is called ROOT admin and since ROOT is the top domain he has privileges to act on all the resources.
- A Username is unique in a Domain across Accounts in that Domain. The same username can exist in other domains, including subdomains.
- Account name is unique in a domain. The same Account name can exist in other domains, including subdomains.
- Domain name can repeat as long as the full pathname from ROOT is unique. For ex, you can have ROOT/d1, as well as ROOT/foo/d1, and ROOT/bar/d1.
- Resources belong to an Account, not individual users in that account. Billing, resource limits etc are maintained by Account, not users
- CloudStack allows you to create 3 different types of accounts --> admin/domain-admin or user account. All the roles (admin, domain admins and user) are attached at account level. Try creating them on CS UI and you will understand the difference.
- Under the account all the users have the same privileges. There are no role based users in one account.
- We can have multiple admins for the same domain.
- All the domains are created under the ROOT domain.