Role-based access control (RBAC)#
Role-based access control (RBAC) restricts access to the capabilities of Rackspace Cloud services, including the Billing API, to authorized users only. RBAC enables Rackspace customers to specify which users have access to which Billing API service capabilities, based on roles defined by Rackspace. The permissions to perform certain operations in the Billing API (create, read, update, or delete) are assigned to specific roles. The account owner assigns these roles, either global (multiproduct) or product-specific (for example, Billing), to account users. The specific roles for each API in the API Reference Section are mentioned in their corresponding API sections.
Assigning roles to account users#
The account owner (identity:user-admin) can create account users on the account and then assign roles to those users. The roles grant the account users specific permissions for accessing the capabilities of the Billing service. Each account has only one account owner, and that role is assigned by default to any Rackspace Cloud account when the account is created.
See the Identity API guide for information about how to perform the following tasks:
The account owner (identity:user-admin) role cannot hold any additional roles because it already has full access to all capabilities.
Roles available for Billing#
The following table describes the roles that can be used to access the Billing API.
|Role name||Role permissions|
|billing:admin||This role provides Create, Read, Update, and Delete permissions in Billing, where access is granted.|
|billing:observer||This role provides Read permission in Billing, where access is granted.|