Permissions Matrix for Next Generation Cloud Servers

The Cloud Servers permissions matrix displays specific permissions for the
following roles:

  • Admin provides full access to create, read, update, and delete.
  • Creator provides access to create, read, and update.
  • Observer provides read-only access.

The matrix displays the Cloud Servers methods, their corresponding RESTful API commands,
and the roles that are supported.

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of servers | GET /servers | Observer, Creator, Admin | Lists IDs, names, and links for all servers. |
| List servers with details | GET /servers/detail | Observer, Creator, Admin | Lists all details for all servers. |
| Create server | POST /servers | Creator, Admin | Creates a server. |
| Show server details | GET /servers/{server_id} | Observer, Creator, Admin | Lists details for a specified server. |
| Update server | PUT /servers/{server_id} | Admin | Updates one or more editable attributes for a specified server. |
| Delete server (Note: The user must also have a Cloud Block Storage Admin role.) | DELETE /servers/{server_id} | Admin | Deletes a specified server. |
| Create a server key pair | POST /os-keypairs | Creator, Admin | Generates a key pair consisting of a private key and a public key. |
| Retrieve list of key pairs | GET /os-keypairs | Creator, Admin | Lists a key pair consisting of a private key and a public key. |
| Delete key pair | DELETE /os-keypairs/{keypair_name} | Creator, Admin | Deletes a key pair of a specified name. |
| Retrieve list of server addresses | GET /servers/{id}/ips | Observer, Creator, Admin | Lists all networks and server addresses associated with a specified server. |
| List Addresses by Network | GET /servers/{id}/ips/{networkLabel} | Observer, Creator, Admin | Lists addresses associated with a specified server and network. |
| Change password, Reboot server, Rebuild server, Resize server, Confirm server resize, Revert server resize, Rescue server, Unrescue server, and Create image | POST /servers/{server_id}/action | Admin | Performs the requested action. |
| Attach volume to server (Note: The user must also have a Cloud Block Storage Admin or Creator role.) | POST /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Attaches a volume to the specified server. |
| List server volumes | GET /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Lists the attached volumes for the specified server. |
| Show volume attachment details | GET /servers/{server_id}/os-volume_attachments/{attachment_id} | Observer, Creator, Admin | Lists volume details for the specified volume attachment ID. |
| Delete volume attachment | DELETE /servers/{server_id}/os-volume_attachments/{attachment_id} | Admin | Deletes a specified volume attachment from a specified server instance. |
| Retrieve list of flavors | GET /flavors | Observer, Creator, Admin | Lists IDs, names, and links for all available flavors. |
| Retrieve list of flavors with details | GET /flavors/detail | Observer, Creator, Admin | Lists all details for all available flavors. |
| Retrieve flavor details | GET /flavors/{flavor_id} | Observer, Creator, Admin | Lists details of the specified flavor. |
| Retrieve list of images | GET /images | Observer, Creator, Admin | Lists IDs, names, and links for all available images. |
| Retrieve list of images with details | GET /images/detail | Observer, Creator, Admin | Lists all details for all available images. |
| Retrieve image details | GET /images/{image_id} | Observer, Creator, Admin | Lists details of the specified image. |
| Delete image | DELETE /images/{image_id} | Admin | Deletes the specified image. |
| List server metadata | GET /servers/{server_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with a server. |
| Retrieve image metadata for a specified image | GET /images/{image_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with an image. |
| Set server metadata | PUT /servers/{server_id}/metadata | Admin | Sets metadata for the specified server. |
| Set image metadata for a specified image | POST /images/{image_id}/metadata | Admin | Sets metadata for the specified image. |
| Update server metadata | POST /servers/{server_id}/metadata | Admin | Updates metadata items for the specified server. |
| Show server metadata item details | GET /servers/{server_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with a server. |
| Retrieve image metadata item for a specified image | GET /images/{image_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with an image. |
| Set server metadata item | PUT /servers/{server_id}/metadata/{key} | Admin | Sets a metadata item for a specified server. |
| Set image metadata item for a specified image | PUT /images/{image_id}/metadata/{key} | Admin | Sets a metadata item for a specified image. |
| Delete server metadata item | DELETE /servers/{server_id}/metadata/{key} | Admin | Deletes a metadata item for the specified server. |
| Delete image metadata item for a specified image | DELETE /images/{image_id}/metadata/{key} | Admin | Deletes a metadata item for the specified image. |
| Retrieve list of limits including used limits | GET /limits | Observer, Creator, Admin | Expands the limits operation to show the project usage, including RAM and instance quotas usage. |
| Enable scheduled images | POST /servers/{server_id}/rax-si-image-schedule | Creator, Admin | Enables scheduled images on a server by creating an image_schedule resource. |
| Show scheduled images | GET /servers/{server_id}/rax-si-image-schedule | Observer, Creator, Admin | Shows scheduled images for the specified server. |
| Disable scheduled images | DELETE /servers/{server_id}/rax-si-image-schedule | Admin | Disables scheduled images by deleting the image_schedule resource that indicates the scheduled image service should create snapshots of this server. |
| Retrieve list of networks | GET /os-networksv2 | Observer, Creator, Admin | Lists the networks configured for a specified tenant ID. |
| Create network | POST /os-networksv2 | Creator, Admin | Creates a network for a specified tenant ID. |
| Create server with networks | POST /servers | Creator, Admin | Provisions a new server with specified networks. |
| Show network | GET /os-networksv2/{network_id} | Observer, Creator, Admin | Shows information for a specified network ID. |
| Delete network | DELETE /os-networksv2/{network_id} | Admin | Deletes a specified network. |
| Retrieve list of virtual interfaces | GET /servers/{server_id}/os-virtual-interfacesv2 | Observer, Creator, Admin | Lists all virtual interfaces configured for a server instance. |
| Create virtual interface and attach to server | POST /servers/{server_id}/os-virtual-interfacesv2 | Creator, Admin | Creates a virtual interface for a network and attaches the network to a server instance. |
| Delete virtual interface | DELETE /servers/{server_id}/os-virtual-interfacesv2/{interface_id} | Admin | Deletes a virtual interface from a server instance. |
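
To right-size a user's role against the matrix above, the following added example (not Rackspace code) matches observed API calls to matrix rows and returns the least-privileged role that covers them all. It assumes paths are written relative to the service endpoint as in the matrix; the function names, the row subset, and the sample calls are constructed for illustration.

```python
import re

# Least-privileged role first.
ROLE_ORDER = ["Observer", "Creator", "Admin"]
ALL = {"Observer", "Creator", "Admin"}
# A subset of the matrix rows, copied as given: (method, path template, roles).
MATRIX = [
    ("GET", "/servers", ALL),
    ("GET", "/servers/detail", ALL),
    ("POST", "/servers", {"Creator", "Admin"}),
    ("GET", "/servers/{server_id}", ALL),
    ("PUT", "/servers/{server_id}", {"Admin"}),
    ("DELETE", "/servers/{server_id}", {"Admin"}),
    ("POST", "/os-keypairs", {"Creator", "Admin"}),
    ("POST", "/servers/{server_id}/action", {"Admin"}),
]

def _compile(template):
    # Each {param} matches exactly one path segment; literals match exactly.
    parts = ["[^/]+" if s.startswith("{") and s.endswith("}") else re.escape(s)
             for s in template.split("/")]
    return re.compile("/".join(parts) + r"/?")

def match_row(method, path):
    """Return (template, roles) for a request, or None if no row matches."""
    path = path.split("?", 1)[0]  # ignore the query string
    best = None
    for m, template, roles in MATRIX:
        if m == method.upper() and _compile(template).fullmatch(path):
            # /servers/detail also fits /servers/{server_id}: prefer more literals.
            literals = sum(not s.startswith("{") for s in template.split("/"))
            if best is None or literals > best[0]:
                best = (literals, template, roles)
    return best[1:] if best else None

def least_role(requests):
    """Lowest role allowed for every matched request, plus the unmatched calls."""
    unlisted, needed = [], set(ROLE_ORDER)
    for method, path in requests:
        row = match_row(method, path)
        if row is None:
            unlisted.append((method, path))  # report, never guess a role
        else:
            needed &= row[1]
    return next((r for r in ROLE_ORDER if r in needed), None), unlisted

# Constructed sample of observed calls, e.g. parsed from an API proxy log.
OBSERVED = [("GET", "/servers/detail?limit=10"), ("GET", "/servers/constructed-id"),
            ("POST", "/os-keypairs"), ("GET", "/unlisted/example")]
```

Calls that match no row are returned separately so that they can be reviewed by hand instead of being silently mapped to a role.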

Related article

Role-Based Access Control (RBAC) permissions matrix for Cloud Hosting