Permissions Matrix for Cloud Networks

The Cloud Networks permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

Admin provides full access to create, read, update, and delete.
Creator provides limited access to create, read, and update.
Observer provides read-only access.

The matrix displays the Cloud Networks methods grouped by category, their corresponding RESTful API commands, and the roles that are supported.

Network Operations

Method	API action	Role	Description
Retrieve list of networks	`GET /v2.0/networks`	Observer, Creator, Admin	Retrieves list of networks to which the specified tenant has access.
Create network	`POST /v2.0/networks`	Creator, Admin	Creates a network.
Show network	`GET /v2.0/networks/{network_id}`	Observer, Creator, Admin	Retrieves information for a specified network.
Update network	`PUT /v2.0/networks/{network_id}`	Creator, Admin	Updates certain network attributes.
Delete network	`DELETE /v2.0/networks/{network_id}`	Admin	Deletes a specified network and its associated resources.

Subnet Operations

Method	API action	Role	Description
Retrieve list of subnets	`GET /v2.0/subnets`	Observer, Creator, Admin	Retrieves list of subnets to which the specified tenant has access.
Create subnet	`POST /v2.0/subnets`	Creator, Admin	Creates a subnet on a specified network.
Show subnet	`GET /v2.0/subnets/{subnet_id}`	Observer, Creator, Admin	Retrieves information for a specified subnet.
Update subnet	`PUT /v2.0/subnets/{subnet_id}`	Creator, Admin	Updates a specified subnet.
Delete subnet	`DELETE /v2.0/subnets/{subnet_id}`	Admin	Deletes a specified subnet.

Port Operations

Method	API action	Role	Description
Retrieve list of ports	`GET /v2.0/ports`	Observer, Creator, Admin	Retrieves list of ports to which the tenant has access.
Create port	`POST /v2.0/ports`	Creator, Admin	Creates a port on a specified network.
Show port	`GET /v2.0/ports/{port_id}`	Observer, Creator, Admin	Retrieves information for a specified port.
Update port	`PUT /v2.0/ports/{port_id}`	Creator, Admin	Updates a specified port.
Delete port	`DELETE /v2.0/ports/{port_id}`	Admin	Deletes a specified port.

Security Groups Operations

Note: The Security Groups API is currently in Limited Availability. It is available only to Managed Infrastructure customers and not to RackConnect or Managed Operations customers. To use this feature, contact Rackspace Support.

Method	API action	Role	Description
List security groups	`GET /v2.0/security-groups`	Observer, Creator, Admin	Retrieves a list of all security groups to which the specified tenant has access.
Create security group	`POST /v2.0/security-groups`	Creator, Admin	Creates a security group with default security group rules for the `IPv4` and `IPv6` ether types.
Show security group	`GET /v2.0/security-groups/{security_group_id}`	Observer, Creator, Admin	Retrieves information about the specified security group.
Delete security group	`DELETE /v2.0/security-groups/{security_group_id}`	Admin	Deletes a security group and its associated security group rules. The delete operation fails if a port is associated with the security group.
List security group rules	`GET /v2.0/security-group-rules`	Observer, Creator, Admin	Retrieves a list of security group rules for the requestor with the unique ID for each security group rule.
Create security group rule	`POST /v2.0/security-group-rules`	Creator, Admin	Creates a security group rule.
Show security group rule	`GET /v2.0/security-group-rules/{rules-security-groups-id}`	Observer, Creator, Admin	Retrieves information about the specified security group rule.
Delete security group rule	`DELETE /v2.0/security-group-rules/{rules-security-groups-id}`	Admin	Deletes the specified rule from a security group.

Shared IP Address Operations

Note: The Shared IP Addresses API is available to all customers except RackConnect customers.

Method	API action	Role	Description
Retrieve list of IP addresses	`GET /v2.0/ip_addresses`	Observer, Creator, Admin	Retrieves list of IP addresses for the specified tenant.
Retrieve list of IP addresses explicitly associated with a server	`GET /v2/servers/{serverID}/ip_associations`	Observer, Creator, Admin	Retrieves list of IP addresses that are explicitly associated with a server.
Provision IP address	`POST /v2.0/ip_addresses`	Creator, Admin	Provisions an IP address on a specified network.
Update ports with an IP address	`PUT /v2.0/ip_addresses/{ipAddressID}`	Admin	Updates the port IDs that are sharing an IP address, using the IP address ID.
Show IP address details	`GET /v2.0/ip_addresses/{ipAddressID}`	Observer, Creator, Admin	Retrieves information for a specified IP address, using the IP address ID.
De-allocate IP address	`DELETE /v2.0/ip_addresses/{ipAddressID}`	Admin	De-allocates the specified associated IP address from the tenant, using the associated IP address ID.
Explicitly associate IP address with server Note: Before using this operation, you must use the `POST ip_addresses` operation to provision the IP addresses.	`PUT /v2/servers/{serverID}/ip_associations/{IPAddressID}`	Admin	Explicitly associates to a server with an IP address.
Show specific IP addresses explicitly associated with server	`GET /v2/servers/{serverID}/ip_associations/{IPAddressID}`	Observer, Creator, Admin	Retrieves information for a specific IP address explicitly associated with a server using the `/ip_associations` operation by specifying the associated IP address ID.
Delete association between IP address and server	`DELETE /v2/servers/{serverID}/ip_associations/{IPAddressID}`	Admin	Deletes the association between the server and the associated IP address, using the associated IP address ID.

Related Article

Role-based Access Control (RBAC) permissions matrix for Cloud Hosting

Updated 5 days ago