Hi Stephan,

> if you were planning to give all users within the domain access to all VMs in
> a domain,
> but are searching for a way to restrict users with specific rights,
> then one way is to define custom roles, based on the type "DomainAdmin".
> This part is important, because only then users of an account based on this
> custom role will see all VMs.

Ah - that actually makes a lot of sense now. I was initially under the impression that accounts themselves were the fundamental scope of isolated resources, but knowing that if you give an account a domain admin role the resources become scoped to the domain instead that actually makes things a lot more understandable.

> I am curious to see how others solve this requirement.

Of course I'm curious if other people are achieving this in other ways, but thanks :)

Rhys
