Permissions Matrix for Cloud Orchestration

Suggest Edits

The Cloud Orchestration permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

Admin provides full access to create, read, update, and delete.
Creator provides limited access to create, read, and update.
Observer provides read-only access.

The matrix displays the Cloud Orchestration methods grouped by category, their corresponding RESTful API commands, and the RBAC roles that are supported.

Stack Operations

Note: Orchestration users need access to any products used in their templates.

Method	API action	Role	Description
Create stack	`POST /v1/{tenant_id}/stacks`	Creator, Admin	Creates a stack.
Adopt stack	`POST /v1/{tenant_id}/stacks`	Creator, Admin	Creates a stack from existing resources.
List stack data	`GET /v1/{tenant_id}/stacks`	Observer, Creator, Admin	Lists active stacks.
Find stack	`GET /v1/{tenant_id}/stacks/{stack_name}`	Observer, Creator, Admin	Finds the canonical URL for a specified stack. This URL works with operations other than `GET`, so you can perform `PUT` and `DELETE` operations on a stack.
Show stack details	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}`	Observer, Creator, Admin	Shows details for a specified stack.
Update stack	`PUT /v1/{tenant_id}/stacks/{stack_name}/{stack_id}`	Creator, Admin	Updates a specified stack.
Delete stack	`DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}`	Admin	Deletes a specified stack and any snapshots of that stack.
Preview stack	`POST /v1/{tenant_id}/stacks/preview`	Creator, Admin	Previews a stack.
Abandon stack	`DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon`	Admin	Deletes a specified stack but leaves its resources intact, and returns data describing the stack and its resources.

Stack Resources

Method	API action	Role	Description
Find stack resources	`GET /v1/{tenant_id}/stacks/{stack_name}/resources`	Observer, Creator, Admin	Finds the canonical URL for the resource list of a specified stack.
List resources	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources`	Observer, Creator, Admin	Lists the resources in a stack.
Show resource data	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}`	Observer, Creator, Admin	Shows the data for a specified resource.
List resource types	`GET /v1/{tenant_id}/resource_types`	Observer, Creator, Admin	Lists the supported template resource types.
Show resource schema	`GET /v1/{tenant_id}/resource_types/{type_name}`	Observer, Creator, Admin	Shows the interface schema for a specified resource type.
Show resource template	`GET /v1/{tenant_id}/resource_types/{type_name}/template`	Observer, Creator, Admin	Shows the template representation for a specified resource type.

Stack Events

Method	API action	Role	Description
Find stack events	`GET /v1/{tenant_id}/stacks/{stack_name}/events`	Observer, Creator, Admin	Finds the canonical URL for the event list of a specified stack.
List stack events	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events`	Observer, Creator, Admin	Lists events for a specified stack.
List resource events	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events`	Observer, Creator, Admin	Lists events for a specified stack resource.
Show event details	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id}`	Observer, Creator, Admin	Shows data about a specified event.

Templates

Method	API action	Role	Description
Get stack template	`GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template`	Observer, Creator, Admin	Gets a template for a specified stack.
Validate template	`POST /v1/{tenant_id}/validate`	Creator, Admin	Validates a specified template.

Build Information

Method	API action	Role	Description
Show build information	`GET /v1/{tenant_id}/build_info`	Observer, Creator, Admin	Shows build information for an Orchestration deployment.

Updated 7 days ago