Permissions Matrix for Cloud Block Storage

The Cloud Block Storage permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

  • Admin provides full access to create, read, update, and delete.
  • Creator provides access to create, read, and update.
  • Observer provides read-only access.

The matrix displays the Cloud Block Storage methods, their corresponding RESTful API commands, and the RBAC roles that are supported.

Volumes

| Method | API action | Role | Description |
|---|---|---|---|
| Create a volume | POST /v1/{tenant_id}/volumes | Creator, Admin | Creates a volume. |
| Retrieve volumes | GET /v1/{tenant_id}/volumes | Observer, Creator, Admin | Retrieves summary information for all block storage volumes that the tenant who submits the request can access. |
| Retrieve volumes (detailed) | GET /v1/{tenant_id}/volumes/detail | Observer, Creator, Admin | Retrieves detailed information for all block storage volumes that the tenant who submits the request can access. |
| Retrieve details for a volume | GET /v1/{tenant_id}/volumes/{volume_id} | Observer, Creator, Admin | Retrieves details for a specified volume. |
| Update a volume | PUT /v1/{tenant_id}/volumes/{volume_id} | Observer, Creator, Admin | Updates the name and description for a volume. |
| Delete a volume | DELETE /v1/{tenant_id}/volumes/{volume_id} | Admin | Deletes a single volume. |

Volume types

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve volume types | GET /v1/{tenant_id}/types | Observer, Creator, Admin | Retrieves volume types. |
| Retrieve volume type details | GET /v1/{tenant_id}/types/{volume_type_id} | Creator, Admin | Retrieves details for a specified volume type. |

Snapshots

| Method | API action | Role | Description |
|---|---|---|---|
| Create a snapshot | POST /v1/{tenant_id}/snapshots | Creator, Admin | Creates a snapshot. |
| Retrieve snapshots | GET /v1/{tenant_id}/snapshots | Observer, Creator, Admin | Retrieves summary information for all block storage snapshots that the tenant who submits the request can access. |
| Retrieve snapshots (detailed) | GET /v1/{tenant_id}/snapshots/detail | Observer, Creator, Admin | Retrieves detailed information for all block storage snapshots that the tenant who submits the request can access. |
| Retrieve details for a snapshot | GET /v1/{tenant_id}/snapshots/{snapshot_id} | Observer, Creator, Admin | Retrieves details for the specified snapshot. |
| Delete a snapshot | DELETE /v1/{tenant_id}/snapshots/{snapshot_id} | Admin only | Deletes a snapshot. |
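
When assigning these roles for least privilege, it helps to check each matrix row against the role definitions at the top of the page. The following is an added example, not code from the provider: it transcribes the rows above and reports any row whose listed roles differ from what the definitions imply, assuming POST, GET, PUT and DELETE map to create, read, update and delete.

```python
# Added example, not the provider's code. Role grants come from the role list above.
# Assumption: HTTP verbs map to CRUD as POST=create, GET=read, PUT=update, DELETE=delete.
ROLE_GRANTS = {
    "Admin": {"create", "read", "update", "delete"},
    "Creator": {"create", "read", "update"},
    "Observer": {"read"},
}
VERB_ACTION = {"POST": "create", "GET": "read", "PUT": "update", "DELETE": "delete"}
ALL = "Observer, Creator, Admin"
P = "/v1/{tenant_id}"
# (verb, path, Role cell) transcribed from the three tables on this page.
MATRIX = [
    ("POST", P + "/volumes", "Creator, Admin"),
    ("GET", P + "/volumes", ALL),
    ("GET", P + "/volumes/detail", ALL),
    ("GET", P + "/volumes/{volume_id}", ALL),
    ("PUT", P + "/volumes/{volume_id}", ALL),
    ("DELETE", P + "/volumes/{volume_id}", "Admin"),
    ("GET", P + "/types", ALL),
    ("GET", P + "/types/{volume_type_id}", "Creator, Admin"),
    ("POST", P + "/snapshots", "Creator, Admin"),
    ("GET", P + "/snapshots", ALL),
    ("GET", P + "/snapshots/detail", ALL),
    ("GET", P + "/snapshots/{snapshot_id}", ALL),
    ("DELETE", P + "/snapshots/{snapshot_id}", "Admin only"),
]

def parse_roles(cell):
    """Split a Role cell into a set; 'Admin only' is read as Admin."""
    return {part.replace(" only", "").strip() for part in cell.split(",")}

def expected_roles(verb):
    """Roles whose definition grants the CRUD action this verb maps to."""
    action = VERB_ACTION[verb]
    return {role for role, grants in ROLE_GRANTS.items() if action in grants}

def audit(matrix=MATRIX):
    """Return (verb, path, extra, missing) for each row that deviates."""
    findings = []
    for verb, path, cell in matrix:
        listed, expected = parse_roles(cell), expected_roles(verb)
        extra, missing = sorted(listed - expected), sorted(expected - listed)
        if extra or missing:
            findings.append((verb, path, extra, missing))
    return findings

if __name__ == "__main__":
    for verb, path, extra, missing in audit():
        print(f"{verb} {path}: beyond definition={extra} absent={missing}")
```

A reported row is a prompt to confirm the service's actual behaviour with a test account in that role before relying on the role as a boundary.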
