OpenNebula has a very flexible approach to user and resource management. You can organize your users in groups or VDCs, allow them to manage their own resouces with permissions, restrict how much resources users or groups can consume, or implement intricate use cases with ACL rules.
For OpenNebula 4.4. we will also introduce secondary groups. These will work in a similar way to the unix groups: users will have a primary group, and optionally several secondary groups. This new feature is completely integrated with the current mechanisms mentioned above allowing, for example, to perform the following actions:
- The list of images visible to a user contains all the images shared within any of his groups.
- You can deploy a VM using an Image from one of your groups, and a second Image from another group.
- New resources are created in the owner’s primary group, but users can later change that resource’s group.
- Users can change their primary group to any of their secondary ones.
And, as always, secondary groups can be easily managed through our Sunstone web interface:
Stay tuned for the beta release, we’ll be happy to get your feedback!