cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Mehta <>
Subject Re: [GSoC] Accounts vs User
Date Sun, 09 Jun 2013 19:23:10 GMT
In addition, please refer to the wiki below. Feel free to add


On 09/06/13 10:03 PM, "Abhinandan Prateek" <> wrote:

>    In cloudstack a "Domain" is a unit of isolation that represents a
>customer org, business unit or a reseller.
>A domain can have arbitrary level of sub-domains.
>A domain can have one or more accounts. A account is the basic unit of
>isolation. Multiple users can exists in an account.
>Users are like aliases for the account. Users in the same account are not
>isolated from the other users. To access the account you should have at
>least one user that is why you create a user when you create a account.
>The resource limits can be set at account or at domain levels by the
>I don't think we can get account resource limits directly from LDAP, but
>we can have the admin set these up later. We need to figure out the most
>efficient way to map ldap users to domains/accounts/users.
>On 09/06/13 5:30 PM, "Ian Duffy" <> wrote:
>>I was just wondering about the difference between an "account" and a
>>"user", the naming of and layout to me seems unclear.
>>When you navigate to Accounts and click "Add Account" it creates an
>>account with the given information and a user.
>>When you open up the Account you have just created you are able to add
>>multiple users to it, each with a different username, firstname,
>>lastname, email, firstname and timezone. They have the same domain I
>>am unsure about network domain as it is left unshown.
>>Am I correct in thinking:
>>1) An account is more like a group.
>>2) An account/group can not exist without one user (Why does this
>>limitation exist? Surely we should be able to provision groups without
>>having users to assign to them just yet)
>>3) An account/group outlines limits for its user
>>4) A user must be part of an account
>>For the sake of LDAP intergration how should this be done? LDAP
>>wouldn't really contain the neccessary information to populate an
>>"account/group" i.e. limits.

View raw message