Managing projects

A project, sometimes referred to as a tenant, is a unit of ownership. Most resources, such as virtual machines, volumes, and images, belong to a specific project. Only users with a role assignment for a given project can work with the resources belonging to that project. The "ibm-default" project is created during installation, but IBM® Cloud Infrastructure Center supports the creation of additional projects for resource segregation.

To work with projects, an admin can log in to the ibm-default project and click Projects from the Configuration page.

After creating a project, you are automatically assigned the admin role for that project. This allows you to assign roles to users on that project. See the Managing roles topic for more information on how to assign roles.

Role assignments are specific to a project. For example, a user could have the vm_manager and storage_manager roles on one project and only the viewer role on another project. Users can only log in to one project at a time in the IBM Cloud Infrastructure Center user interface. If they have a role on multiple projects, they can switch to one of those other projects without having to log out and log back in. When users log in to a project they will only see resources, messages, and so on that belong to that project. They will not see resources that belong to other projects unless they log in to those projects.

The OpenStack admin role is considered global by some OpenStack services for legacy reasons, although it is assigned to a user for a specific project. The IBM Cloud Infrastructure Center user interface shows the resources for a single project, but a user with the admin role assignment could use REST APIs to access resources in any project. Be aware of this and do not grant someone the admin role unless you trust them to manage all resources. If this is a concern, consider assigning that user a different role.

OpenStack does not support moving resources from one project to another. You can move volumes and virtual machines on shared networks by unmanaging them and then remanaging them in the new project.

Note

All resources within a project must be deleted or unmanaged before the project can be deleted. The ibm-default project cannot be deleted.