Operating Environment Software Instruction Manual
◦ Service provider user
Can log into the infrastructure orchestration self service portal and initiate requests for
provisioning using published templates
• Organization
The service provider administrator dynamically creates the organization and makes resources
available to the organization using the infrastructure orchestration console. See “Creating an
organization” (page 154) and “Adding resources to an organization” (page 156) for more
information.
Two Microsoft Windows groups are created on the CMS for each organization:
◦ <organization-id>_Administrators use the infrastructure orchestration organization
administrator portal to manage the organization’s virtual IO system.
◦ <organization-id>_Users are essentially the same as service provider users, except
that the organization user's access and control is restricted to the resources assigned to
the organization’s virtual IO system.
See “Assigning users to an organization” (page 156) for more information.
Security in infrastructure orchestration multi-tenancy
Multi-tenancy in infrastructure orchestration ensures that information from one organization does
not pass to another organization. Table 9 (page 152) and Table 10 (page 154) show how resources
and information is filtered.
Access to resources
Access to resources in infrastructure orchestration is hierarchical. The service provider administrator
has unrestricted access to resources and can make them available to organizations. Within an
organization, the organization administrator controls access to compute resources by organization
users.
A service provider administrator assigns service provider users to templates. However, an
organization administrator cannot assign organization users to templates. An organization user
has access to all of the templates assigned to that organization.
A Windows user may be both a service provider user and an organization user. In this case, if
the Windows user logs into the self service portal, the user will have access to the templates to
which he/she is assigned. If the Windows user logs into the organization administrator portal, the
user has access to all of the templates assigned to the organization.
Table 9 Resources visible to service provider and organization administrators and users
Organization
user/group access
Organization
administrator
access
Service provider
user access
Service provider
administrator
controlsOriginationResource
Visible if assigned
to the organization
Visible if assigned
to the organization
Visible if
published. If
Assign to one or
more
Created by IO
architect using
Infrastructure
orchestration
templates by theby the serviceaccess restrictionsorganizationsinfrastructure
organizationproviderare enabled,and/or restrictorchestration
designer
152 Multi-tenancy in Matrix infrastructure orchestration