Configuration Steps:
- Log in to SCP, hover over admin in the corner of the page, and click User and Access Management. Here you can create Platform Admins, MSP Administrators, Tenants, Tenant Co-Administrators, Tenant Users and Other Users according to your requirements.
• Platform Admins:
The platform administrator is the highest-privileged role in the SCP cloud computing platform, primarily responsible for global platform management and resource configuration.
The main responsibilities of the platform administrator include:
Resource Management: Managing clusters, creating resource pools, allocating quotas to tenants, etc.
User Management: Creating and managing other platform administrators, tenants, and tenant sub-accounts.
System Operation and Maintenance: Monitoring platform operation status, handling alerts, configuring and maintaining the system.
Service Management: Enabling or deploying advanced services, such as network visualization (aNI), cloud security center (aSEC), etc.
Platform Administrator Role Types:
The platform includes a built-in Super Administrator (admin) role, which can create other platform administrator roles with specific permissions. These roles include:
System Admin: Has full access to all platform business operations (excluding user and role management, and audit operation permissions).
Security Administrator: Responsible for account authorization, role management, password policies, two-factor authentication, and other security management tasks.
Audit Admin: Has permission only to view and manage logs.
aSEC Admin: Specializes in managing the cloud security center.
aNI Admin: Specializes in managing the network visualization function.
• MSP administrator:
The MSP administrator (referred to as the operations administrator in the rest of this section) is a special management role in the SCP cloud computing platform, primarily used in hosted cloud or service provider scenarios to achieve multi-level resource quota allocation and management.
Core Responsibilities:
The core responsibility of the operations administrator is to receive resource quotas allocated by the platform administrator and further distribute these quotas to various tenants under their management.
Main Features and Functions:
Resource Allocation: The platform administrator can assign HCI resource pools, dedicated server groups, or VMware resource pools to the operations administrator, and set specific resource quotas.
Tenant Management: The platform administrator can assign an operations administrator to each tenant. Once assigned, the resources used by the tenant will be limited by the quota of the designated operations administrator.
Independent Login: The operations administrator has a dedicated login portal, accessible at: https://{SCP-IP}/msp-login.
Cost Management: The operations administrator can view and export an overview of the consumption and billing details for all tenants under their management and can also set unit prices.
Enabling the operations administrator role requires switching the platform to "operation mode," a process that is irreversible. Please carefully assess the usage scenarios.
The name, email, and phone number of the operations administrator must be unique and cannot be reused by other users.
• Tenant:
A tenant is a user to whom the platform administrator assigns resource quotas, similar to a department within a company. Tenants have their own independent resource space and network environment for deploying and managing business applications.
Core Functions of a Tenant:
Resource Management: Tenants can use the resource pools (computing, storage, network) allocated by the platform administrator to create and manage cloud hosts, hard drives, networks, and other resources.
Network Deployment: Tenants can create and manage VPC networks or use classic networks. Within the VPC network, they can create subnets, configure access control, port mappings, and deploy NFV devices.
Self-Service: Tenants can manage their sub-accounts, submit requests for additional quotas, view consumption records, and use the recycle bin feature.
• Tenant co-administrator:
The tenant co-administrator is an important role in the SCP cloud computing platform, primarily responsible for assisting the tenant administrator in resource management.
Main Features and Functions:
The tenant co-administrator has management rights for certain resources within the tenant.
The platform administrator can configure specific permission policies for the tenant co-administrator, defining the scope of their management.
The scope of permissions can include over 100 types of resources, such as cloud hosts, resource pools, NFV, and other resources.
The platform administrator can only set permissions for platform administrators and cannot set permissions for tenants.
Tenants can set permissions for co-administrators but cannot set permissions for sub-accounts.
The permission policy feature is supported only in SCP version 6.9.0 and above.
• Tenant users:
The tenant user (tenant sub-account) is the third-level role in the SCP cloud computing platform's multi-tenant model, typically corresponding to an individual employee within a department.
Core Features and Functions:
Permission Scope: Tenant sub-accounts have management permissions for the cloud host resources associated with them, but the scope of these permissions is set by the tenant administrator.
• Other users:
"Other users" refers to user accounts imported into the platform through external authentication systems (such as LDAP).
Management Permissions:
The platform administrator can view and manage all "other users."
Roles (such as platform administrator, tenant, etc.) must be assigned to these users before they can use platform features properly.