You can configure a reseller role with control over a limited amount of cloud resources, using the restriction sets. Comparing to cloud administrators, resellers have admin permissions within a specific part of the cloud. The reseller's users have the same permissions as regular OnApp users. This section contains information on how you can configure the reseller role.
The reseller role is limited only to the part of the cloud assigned to the reseller by the cloud administrator. Resellers have no influence on the cloud as a whole. This section describes the steps the cloud administrator needs to perform to configure the reseller role. After resellers are granted access to the cloud, they can manage the Look&Feel options of OnApp Control Panel according to their preferences.
To implement and use the reseller instance, cloud administrator must create and tie together the following:
Create Reseller Role
The cloud administrator creates a reseller role for a user. This process is similar to creating other roles in OnApp. For more information on how to create the reseller role, see Create New Role.
We recommend that the cloud administrator grants the reseller full access to all resources, excluding the following permissions:
- Restrictions Resources group
- Restrictions Sets group
- Create/update/destroy role
- Create new zones or resources:
- Create a new backup server zone
- Create backup resource zone
- Create a new data store zone
- Create a new compute zone
- Create a new DNS zone
- Create a new network zone
- Create backup resource
- Create a new CDN resource
- Create a new compute resource
Create Restrictions Set
The restrictions set specifies to which resources in the cloud the reseller will have the limited access. If you do not limit a particular resource, the reseller will have unlimited admin-like access to it. When creating a restrictions set, you tie the role to which a reseller user is assigned with the limitations configured in this set. For information on how to create a restriction set, see Create and Manage Restriction Sets.
Create a bucket for the reseller and specify the limits and prices for the resources. For more information, see Configure Resource Allocation And Prices.
Create User Group
To tie the restrictions set with the end users of the reseller and their resources, create a user group and add there the appropriate user roles.
To create a User Group:
- Go to your Control Panel > Admin > Groups.
- Click the "+" button to create a new User Group.
- On the page that appears specify the following parameters:
- Label - specify the user group's label
- Buckets - select the reseller bucket from the dropbox
- Roles - select the reseller role and the roles requested by the reseller to the group from the dropbox
- User buckets - select the necessary option from the dropbox. this parameter relates to restriction sets only. Specify the list of buckets which will be available for assignment for the users within this user group.
- Click the Save button to save the changes.
Create Reseller Account
Create a reseller account:
- Assign the reseller role to this account
- Assign the reseller's bucket to this account
- Add the reseller to the user group created earlier
For more information on creating users, see Create User.
Create Other Roles Required by Reseller
Create the roles which the reseller requires so that they could add their own users based on it, as the reseller cannot create new or update existing roles. This process is similar to creating other roles on OnApp. For more information, refer to Create New Role section. All further corrections to the roles are performed by the cloud administrator. Therefore, it is important that the resellers inform the cloud administrator what functionality they require for users to have access to.
Billing for Reseller and Reseller's Users
The reseller and the reseller's users are billed separately according to the limits and prices configured in their buckets. The limits and prices set in the reseller's bucket do not affect the limits and prices set in the corresponding user's bucket and vice versa.
If resellers have particular compute/datastore/backup/network zones added to the bucket's Access Control and their users have the corresponding zones restrictions controled by the bucket, only those zones that are added to the reseller's bucket will be available to the end users. Therefore, the following restricted resources for end users depend upon compute/datastore/backup/network zones added to the reseller's bucket:
- Compute Zones (By bucket resources)
- Data Store Zones (By bucket resources)
- Backup Server Zones (By bucket resources)
- Network Zones (By bucket resources)