You can configure a reseller role with control over a limited amount of cloud resources, using the restriction sets. Comparing to cloud administrators, resellers have admin permissions within a specific part of the cloud. The reseller's users have the same permissions as regular OnApp users. This section contains information on how you can configure the reseller role.
The reseller role is limited only to the part of the cloud assigned to the reseller by the cloud administrator. Resellers have no influence on the cloud as a whole. This section describes the steps the cloud administrator needs to perform to configure the reseller role. After resellers are granted access to the cloud, they can manage the Look&Feel options of OnApp Control Panel according to their preferences.
To implement and use the reseller instance, cloud administrator must create and tie together the following:
Create Reseller Role
The cloud administrator creates a reseller role. This process is similar to creating other roles in OnApp. For more information on how to create the reseller role, see Create New Role.
We recommend that the cloud administrator grants the reseller full access to all resources, excluding the following permissions:
- Restrictions Resources group
- Restrictions Sets group
- Create/update/destroy role
- Create new zones or resources
Create Restrictions Set
The restrictions set specifies to which resources in the cloud the reseller will have the limited access. If you do not limit a particular resource, the reseller will have unlimited admin-like access to it. When creating a restrictions set, you tie the role to which a reseller user is assigned with the limitations configured in this set. For information on how to create a restriction set, see Create and Manage Restriction Sets.
Create a bucket for the reseller and specify the limits and prices for the resources. For more information, see Configure Resource Allocation And Prices.
If the restrictions for the reseller role are set based on the bucket approach, then the bucket of the reseller works differently from typical OnApp buckets. In typical ones, if the resources are not added, users assigned to such a bucket will have access to unlimited resources. In case of a reseller, if some resources are not added to the bucket, the reseller will have no access to that resource.
Create User Group
To tie the restrictions set with the end users of the reseller and their resources, create a user group and add there the appropriate user roles.
During the user group creation process, the cloud administrator:
- Adds the reseller role and the roles requested by the reseller to the group
- Adds the reseller's bucket to the group
For more information on how to create a role, see Create New Role.
Create Reseller Account
Create a reseller account:
- Assign the reseller role to this account
- Assign the reseller's bucket to this account
- Add the reseller to the user group created earlier
For more information on creating users, see Create User.
Create Other Roles Required by Reseller
Create the roles which the reseller requires so that they could add their own users based on it, as the reseller cannot create new or update existing roles. This process is similar to creating other roles on OnApp. For more information, refer to Create New Role section. All further corrections to the roles are performed by the cloud administrator. Therefore, it is important that the resellers inform the cloud administrator what functionality they require for users to have access to.
Billing for Reseller and Reseller's Users
The reseller and the reseller's users are billed separately according to the limits and prices configured in their buckets. The limits and prices set in the reseller's bucket do not affect the limits and prices set in the corresponding user's bucket and vice versa.
If resellers have particular compute/datastore/backup/network zones added to the bucket's Access Control and their users have the corresponding zones restrictions controled by the bucket, only those zones that are added to the reseller's bucket will be available to the end users. Therefore, the following restricted resources for end users depend upon compute/datastore/backup/network zones added to the reseller's bucket:
- Compute Zones (By bucket resources)
- Data Store Zones (By bucket resources)
- Backup Server Zones (By bucket resources)
- Network Zones (By bucket resources)