Permissions

The customer Administrator manages Equinix Fabric user permissions from the Equinix Customer Portal. These permissions control whether users can access and manage physical and virtual assets in the Equinix Fabric Portal. Virtual Resource Permissions Management (VRPM) enables the management of user privileges at a more granular level.

Permissions Overview Video

 

Equinix Fabric user permissions are managed by the customer Administrator from the Equinix Customer Portal (ECP). These permissions are enforced in the Equinix Fabric Portal on user login.

To set permissions for users to access and manage physical and virtual assets within the Equinix Fabric Portal:

  1. Log in to the Equinix Customer Portal.

  2. From the Administration menu, select User Management.

  3. Click and select Manage Permission.
  4. Select Equinix Fabric and Network Edge.
  5. Select Equinix Fabric Portal access.

    • This user has Fabric portal access allows the user to access the Equinix Fabric Portal

    • View Ports and Virtual Resources gives the user view-only permissions for ports, and other virtual resources that exist on those ports

      You can check Select All or select the specific ports in the Select Ports section. When you select a port or all ports, the View permission for all virtual resources is enabled

      Note: You can apply this permission to only the current ports or All Future Ports.

    • Place Connections and Service Orders gives you the privileges to create, update, delete and modify all virtual resources on the selected ports.

      Note: You can apply this permission to only the current ports or All Future Ports.

Virtual Resource Permissions Management

Virtual Resource Permissions Management (VRPM) increases the customer Administrator's capability to manage user privileges at a more granular level on ECP, than the port-based permissions functionality.

Note: An existing user's prior privileges remain unaffected.

Important: As a Reseller, your customers can only manage permissions for the Layer 2 and Layer 3 connection Virtual Resources, provided the Reseller Administrator has granted those permissions to these customers in the Equinix Customer Portal.

Currently, there are seven Virtual Resources that can be managed on an Equinix Fabric port:

  • Layer 2 Connections
  • Layer 3 Routing Instances
  • Layer 3 Connectors
  • Layer 3 Subscriptions
  • Layer 2 Service Profiles
  • Layer 3 Service Profiles
  • IP Blocks

Users are given varying levels of access, including Create, View, Modify and Delete permissions on one or more of these Virtual Resources.

Important: To Grant All Permissions (View, Create, Modify and Delete), select Place Connection and Service Orders. The view permissions, is now greyed out with the check mark, which means it is still enabled.

Note: The following checkbox colors show permission types:
  • Blue - Indicates Current Permission
  • Green - Indicates New Permission being granted

  • Red - Indicates Granted Permissions are being removed

Granting Permissions to the Layer 2 Connection Virtual Resource

To set permissions for Layer 2 connections:

  1. Go to Select Virtual Resource Permissions.

  2. Go to Connection and select Grant All Permissions for Layer 2 Connections.

  3. Click Submit.

This user’s privileges are now limited to managing Layer 2 Connections only on the Equinix Fabric ports. The user can't manage any other Equinix Fabric Virtual Resource (unless granted permission for other resources) upon subsequent login to the Equinix Fabric portal.

Note: To grant permissions on specific Equinix Fabric Virtual Resources, select only the check boxes for the virtual resources that you would like the user to access.

Granting Permissions to Manage Layer 2 Service Profile

This capability requires the user to have Create, View, Delete and Modify permissions for Layer 2 Service Profile.

Manage Layer 2 Profiles Video

 

To set permissions to the Layer 2 Service Profile:

  1. Go to Select Virtual Resource Permissions.
  2. Go to Service Profile and select Grant All Permissions to Layer 2 Service Profile.

  3. Click Submit.

This user’s privileges are now limited to managing only Layer 2 Service Profiles on the Equinix Fabric ports. The user can't manage any other Equinix Fabric Virtual Resource (unless granted permission for other resources) upon a subsequent login to the Equinix Fabric Portal.

Granting Permissions to Connect Between Equinix Fabric Ports

To connect between your company's Equinix Fabric ports, the following user permissions are required:

  • All access to the Layer 2 Connections Virtual Resource
  • View access to the Layer 2 Service Profile Virtual Resource

Note: View access is required only for users who want to create connections between Equinix Fabric ports using a Private Service Profile.

To set permissions to connect between Equinix Fabric ports:

  1. Go to Select Virtual Resource Permissions.
  2. Go to Connections and select Grant All permissions for Layer 2 Connections.
  3. Go to Service Profile and select View permission for Layer 2 Service Profile.

  4. Click Submit.

This user’s privileges are now limited to connecting between the Equinix Fabric ports. The user can't manage any other Equinix Fabric Virtual Resource (unless granted permission for other resources) upon subsequent login to the Equinix Fabric portal.

Granting Permissions to Manage Layer 3 Subscriptions to Clouds

Layer 3 Permissions Video

 

To manage Layer 3 Subscriptions to Clouds using the Equinix Fabric portal, the following permissions are required by the user:

  • All access to Layer 3 Subscriptions
  • All access to Layer 3 Routing Instances
  • All access to Layer 3 Connectors

To set permissions to manage Layer 3 Subscriptions:

  1. Go to Select Virtual Resource Permissions.

  2. Select Grant All Permissions for Layer 3 Routing Instances, Layer 3 Subscriptions and Layer 3 Connectors.

  3. Click Submit.

This user’s privileges are now limited to managing only Layer 3 Subscriptions on the Equinix Fabric ports. The user can't manage any other Equinix Fabric Virtual Resource (unless granted permission for other resources) upon a subsequent login to the Equinix Fabric Portal.

Granting View-Only Permissions to Virtual Resources

Grant View-Only Permissions Video

 

To provide view-only access to all Equinix Fabric Virtual Resources, the following privileges are required:

  • View access to Layer 2 Service Profile
  • View access to Layer 3 Service Profile
  • View access to Layer 2 Connections
  • View access to Layer 3 Routing Instances
  • View access to Layer 3 Connectors
  • View access to Layer 3 Subscriptions

To set permissions to View-only Permissions:

  1. Go to Select Virtual Resource Permissions.
  2. Select View permissions for Layer 2 Service profile, Layer 3 Service Profile, Layer 2 Connections, Layer 3 Routing Instances, Layer 3 Connectors and Layer 3 Subscriptions.

  3. Click Submit.

This user’s privileges are now limited to view-only permissions for Virtual Resources on the Equinix Fabric ports. The user can't manage any other Equinix Fabric Virtual Resource (unless granted permission for other resources) upon subsequent login to the Equinix Fabric Portal.

Granting Permissions to Manage IP Blocks

To set permissions to IP Blocks:

  1. Go to Select Virtual Resource Permissions.

  2. Go to IP Blocks and select Grant All Permissions for IP Blocks.

  3. Click Submit.

This user’s privileges are now limited to managing IP Blocks only on the Equinix Fabric ports. The user can't manage any other Equinix Fabric Virtual Resource (unless granted permission for other resources) upon subsequent log in to the Equinix Fabric Portal.

Shared Asset Permission Management

Shared Asset Permissions Video

 

Shared asset permissions allow Equinix Fabric Customers to access ports and create connections across multiple customer organizations using a single log in. Granting shared asset permissions requires two separate steps:

  1. The Administrator of the user's customer organization shares the user with another customer organization.

  2. The Administrator of the other customer organization provides port permissions to the shared user.

Share the User

  1. Log in to Equinix Fabric.

  2. Click Administration and select User Management.

  3. From the user list, locate the user you want to share and click .

  4. Select Manage Permission.

  5. Click Share.

    All of the customer organizations within your global organization are displayed.

  6. Select the checkbox associated with the customer organization you want to share your user with.

  7. Click Submit Changes.

  8. In the Stop/Start sharing user profile with selected organization(s)? prompt, click Submit.

Once the user has been shared, the shared user icon is displayed next to the username in the user list. The Administrator for the customer organization you shared the user with can now grant that user port permissions.

Grant Permissions to the Shared User

  1. Log in to Equinix Fabric.

  2. Click Administration and select User Management.

  3. In the Shared Users drop-down menu, select Include Users from other organizations.

  4. From the user list, locate the user you want to grant permissions and click .

  5. Select Manage Permission.

  6. Click the Equinix Fabric and Network Edge card.

  7. In the Select Port(s) list, click the arrow associated with the IBX containing the ports you want the user to access.

  8. Click the View Ports and Virtual Resources checkbox associated with the port(s) in the selected IBX if you want to grant these permissions.

  9. Click the Place connections and service orders checkbox associated with the port(s) in the selected IBX if you want to grant these permissions.

  10. Click Submit.

Note: When you grant a shared user permissions to access your ports, the user inherits all the same permissions from their home customer organization. As the Administrator of the shared customer organization, you will be able to see the permissions of the shared user, but you will not be able to change them.

Removing All Permissions to Virtual Resources

Remove Permissions Video

 

In order to remove all access to Equinix Fabric virtual resources in the Equinix Fabric portal, the permissions for Place Connections and Service Orders, as well as View Ports, Connections and Services, need to be removed for this user.

  1. To revoke a user’s permissions to no access on any Equinix Fabric virtual resource, de-select the Equinix Fabric portal access This user has Fabric portal access option. This automatically de-selects the View Ports and Virtual Resources and Place Connections and Services Orders permissions. It also removes permissions from all ports.

  2. Click Submit. A message indicates that you are revoking the user's permissions.

  3. Click Submit to confirm your submission.

This user no longer has access to any Equinix Fabric virtual permissions on any ports, and this is enforced the next time they log into the Equinix Fabric Portal.