The Cloud Orchestration permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:
- Admin provides full access to create, read, update, and delete.
- Creator provides limited access to create, read, and update.
- Observer provides read-only access.
The matrix displays the Cloud Orchestration methods grouped by category, their corresponding RESTful API commands, and the RBAC roles that are supported.
Note: Orchestration users need access to any products used in their templates.
| Method | API action | Role | Description |
|---|
| Create stack | POST /v1/{tenant_id}/stacks | Creator, Admin | Creates a stack. |
| Adopt stack | POST /v1/{tenant_id}/stacks | Creator, Admin | Creates a stack from existing resources. |
| List stack data | GET /v1/{tenant_id}/stacks | Observer, Creator, Admin | Lists active stacks. |
| Find stack | GET /v1/{tenant_id}/stacks/{stack_name} | Observer, Creator, Admin | Finds the canonical URL for a specified stack. This URL works with operations other than GET, so you can perform PUT and DELETE operations on a stack. |
| Show stack details | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id} | Observer, Creator, Admin | Shows details for a specified stack. |
| Update stack | PUT /v1/{tenant_id}/stacks/{stack_name}/{stack_id} | Creator, Admin | Updates a specified stack. |
| Delete stack | DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id} | Admin | Deletes a specified stack and any snapshots of that stack. |
| Preview stack | POST /v1/{tenant_id}/stacks/preview | Creator, Admin | Previews a stack. |
| Abandon stack | DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon | Admin | Deletes a specified stack but leaves its resources intact, and returns data describing the stack and its resources. |
| Method | API action | Role | Description |
|---|
| Find stack resources | GET /v1/{tenant_id}/stacks/{stack_name}/resources | Observer, Creator, Admin | Finds the canonical URL for the resource list of a specified stack. |
| List resources | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources | Observer, Creator, Admin | Lists the resources in a stack. |
| Show resource data | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name} | Observer, Creator, Admin | Shows the data for a specified resource. |
| List resource types | GET /v1/{tenant_id}/resource_types | Observer, Creator, Admin | Lists the supported template resource types. |
| Show resource schema | GET /v1/{tenant_id}/resource_types/{type_name} | Observer, Creator, Admin | Shows the interface schema for a specified resource type. |
| Show resource template | GET /v1/{tenant_id}/resource_types/{type_name}/template | Observer, Creator, Admin | Shows the template representation for a specified resource type. |
| Method | API action | Role | Description |
|---|
| Find stack events | GET /v1/{tenant_id}/stacks/{stack_name}/events | Observer, Creator, Admin | Finds the canonical URL for the event list of a specified stack. |
| List stack events | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events | Observer, Creator, Admin | Lists events for a specified stack. |
| List resource events | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events | Observer, Creator, Admin | Lists events for a specified stack resource. |
| Show event details | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id} | Observer, Creator, Admin | Shows data about a specified event. |
| Method | API action | Role | Description |
|---|
| Get stack template | GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template | Observer, Creator, Admin | Gets a template for a specified stack. |
| Validate template | POST /v1/{tenant_id}/validate | Creator, Admin | Validates a specified template. |
| Method | API action | Role | Description |
|---|
| Show build information | GET /v1/{tenant_id}/build_info | Observer, Creator, Admin | Shows build information for an Orchestration deployment. |
