Chapter 2. Projects and Users

As a cloud administrator, you can manage both projects and users. Projects are organizational units in the cloud to which you can assign users. Projects are also known as tenants or accounts. You can manage projects and users independently from each other. Users can be members of one or more projects.
During cloud setup, the operator defines at least one project, user, and role. The operator links the role to the user and the user to the project. Roles define the actions that users can perform. As a cloud administrator, you can create additional projects and users as needed. Additionally, you can add, update, and delete projects and users, assign users to one or more projects, and change or remove these assignments. To enable or temporarily disable a project or user, update that project or user.
After you create a user account, you must assign the account to a primary project. Optionally, you can assign the account to additional projects. Before you can delete a user account, you must remove the user account from its primary project.

2.1. Manage Projects

2.1.1. Create a Project

  1. As an admin user in the dashboard, select Identity > Projects.
  2. Click Create Project.
  3. On the Project Information tab, enter a name and description for the project (the Enabled check box is selected by default).
  4. On the Project Members tab, add members to the project from the All Users list.
  5. On the Quotas tab, specify resource limits for the project.
  6. Click Create Project.

2.1.2. Update a Project

You can update a project to change its name or description, enable or temporarily disable it, or update its members.
  1. As an admin user in the dashboard, select Identity > Projects.
  2. In the project's Actions column, click the arrow, and click Edit Project.
  3. In the Edit Project window, you can update a project to change its name or description, and enable or temporarily disable the project.
  4. On the Project Members tab, add members to the project, or remove them as needed.
  5. Click Save.
Note
The Enabled check box is selected by default. To temporarily disable the project, clear the Enabled check box. To enable a disabled project, select the Enabled check box.

2.1.3. Delete a Project

  1. As an admin user in the dashboard, select Identity > Projects.
  2. Select the project to delete.
  3. Click Delete Projects.
  4. Click Delete Projects again.
Note
You cannot undo the delete action.

2.1.4. Update Project Quotas

Quotas are maximum limits that can be set per project, so that the project's resources are not exhausted.
  1. As an admin user in the dashboard, select Identity > Projects.
  2. In the project's Actions column, click the arrow, and click Modify Quotas.
  3. In the Quota tab, modify project quotas as needed.
  4. Click Save.

2.1.5. Manage Project Security

Security groups are sets of IP filter rules that can be assigned to project instances, and which define networking access to the instance. Security groups are project specific; project members can edit the default rules for their security group and add new rule sets.
All projects have a default security group that is applied to any instance that has no other defined security group. Unless you change the default values, this security group denies all incoming traffic and allows only outgoing traffic to your instance.

2.1.5.1. Create a Security Group

  1. In the dashboard, select Project > Compute > Access & Security.
  2. On the Security Groups tab, click Create Security Group.
  3. Provide a name and description for the group, and click Create Security Group.

2.1.5.2. Add a Security Group Rule

By default, rules for a new group only provide outgoing access. You must add new rules to provide additional access.
  1. In the dashboard, select Project > Compute > Access & Security.
  2. On the Security Groups tab, click Manage Rules for the security group.
  3. Click Add Rule to add a new rule.
  4. Specify the rule values, and click Add.

    Table 2.1. Required Rule Fields

    Field Description
    Rule
    Rule type. If you specify a rule template (for example, 'SSH'), its fields are automatically filled in:
    • TCP: Typically used to exchange data between systems, and for end-user communication.
    • UDP: Typically used to exchange data between systems, particularly at the application level.
    • ICMP: Typically used by network devices, such as routers, to send error or monitoring messages.
    Direction Ingress (inbound), or Egress (outbound)
    Open Port
    For TCP or UDP rules, the Port or Port Range to open for the rule (single port or range of ports):
    • For a range of ports, enter port values in the From Port and To Port fields.
    • For a single port, enter the port value in the Port field.
    Type The type for ICMP rules; must be in the range '-1:255'.
    Code The code for ICMP rules; must be in the range '-1:255'.
    Remote The traffic source for this rule:
    • CIDR (Classless Inter-Domain Routing): IP address block, which limits access to IPs within the block. Enter the CIDR in the Source field.
    • Security Group: Source group that enables any instance in the group to access any other group instance.

2.1.5.3. Delete a Security Group Rule

  1. In the dashboard, select Project > Compute > Access & Security.
  2. On the Security Groups tab, click Manage Rules for the security group.
  3. Select the security group rule, and click Delete Rule.
  4. Click Delete Rule.
Note
You cannot undo the delete action.

2.1.5.4. Delete a Security Group

  1. In the dashboard, select Project > Compute > Access & Security.
  2. On the Security Groups tab, select the group, and click Delete Security Groups.
  3. Click Delete Security Groups.
Note
You cannot undo the delete action.