Permissions matrix for Cloud Servers
Last updated on: 2016-12-06
Authored by: Renee Rendon
The Cloud Servers permissions matrix displays specific permissions for the following roles:
- Admin provides full access to create, read, update, and delete.
- Creator provides access to create, read, and update.
- Observer provides read-only access.
The matrix displays the Cloud Servers methods, their corresponding RESTful API commands, and the roles that are supported.
| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of servers | GET /servers |
Observer, Creator, Admin | Lists IDs, names, and links for all servers. |
| List servers with details | GET /servers/detail |
Observer, Creator, Admin | Lists all details for all servers. |
| Create server | POST /servers |
Creator, Admin | Creates a server. |
| Show server details | GET /servers/{server_id} |
Observer, Creator, Admin | Lists details for a specified server. |
| Update server | PUT /servers/{server_id} |
Admin | Updates one or more editable attributes for a specified server. |
| Delete server Note: The user must also have a Cloud Block Storage Admin role. |
DELETE /servers/{server_id} |
Admin | Deletes a specified server. |
| Create a server key pair | POST /os-keypairs } |
Creator, Admin | Generates a key pair consisting of a private key and a public key. |
| Retrieve list of key pairs | GET /os-keypairs |
Creator, Admin | Lists a key pair consisting of a private key and a public key. |
| Delete key pair | DELETE /os-keypairs/{keypair_name} |
Creator, Admin | Deletes a key pair of a specified name. |
| Retrieve list of server addresses | GET /servers/{id}/ips |
Observer, Creator, Admin | Lists all networks and server addresses associated with a specified server. |
| List Addresses by Network | GET /servers/{id}/ips/{networkLabel} |
Observer, Creator, Admin | Lists addresses associated with a specified server and network. |
| Change password, Reboot server, Rebuild server, Resize server, Confirm server resize, Revert server resize, Rescue server, Unrescue server, and Create image | POST /servers/{server_id}/action |
Admin | Performs the requested action. |
| Attach volume to server Note: The user must also have a Cloud Block Storage Admin or Creator role. |
POST /servers/{server_id}/os-volume_attachments |
Observer, Creator, Admin | Attaches a volume to the specified server. |
| List server volumes | GET /servers/{server_id}/os-volume_attachments |
Observer, Creator, Admin | Lists the attached volumes for the specified server. |
| Show volume attachment details | GET /servers/{server_id}/os-volume_attachments/{attachment_id} |
Observer, Creator, Admin | Lists volume details for the specified volume attachment ID. |
| Delete volume attachment | DELETE /servers/{server_id}/os-volume_attachments/{attachment_id} |
Admin | Deletes a specified volume attachment from a specified server instance. |
| Retrieve list of flavors | GET /flavors |
Observer, Creator, Admin | Lists IDs, names, and links for all available flavors. |
| Retrieve list of flavors with details | GET /flavors/detail |
Observer, Creator, Admin | Lists all details for all available flavors. |
| Retrieve flavor details | GET /flavors/{flavor_id} |
Observer, Creator, Admin | Lists details of the specified flavor. |
| Retrieve list of images | GET /images |
Observer, Creator, Admin | Lists IDs, names, and links for all available images. |
| Retrieve list of images with details | GET /images/detail |
Observer, Creator, Admin | List all details for all available images. |
| Retrieve image details | GET /images/{image_id} |
Observer, Creator, Admin | Lists details of the specified image |
| Delete image | DELETE /images/{image_id} |
Admin | Deletes the specified image. |
| List server metadata | GET /servers/{server_id}/metadata |
Observer, Creator, Admin | Lists all metadata associated with a server. |
| Retrieve image metadata for a specified image | GET /images/{image_id}/metadata |
Observer, Creator, Admin | Lists all metadata associated with an image. |
| Set server metadata | PUT /servers/{server_id}/metadata |
Admin | Sets metadata for the specified server. |
| Set image metadata for a specified image | POST /images/{image_id}/metadata |
Admin | Sets metadata for the specified image. |
| Update server metadata | POST /servers/{server_id}/metadata |
Admin | Updates metadata items for the specified server. |
| Show server metadata item details | GET /servers/{server_id}/metadata/{key} |
Observer, Creator, Admin | Retrieves a single metadata item associated with a server. |
| Retrieve image metadata item for a specified image | GET /images/{image_id}/metadata/{key} |
Observer, Creator, Admin | Retrieves a single metadata item associated with an image. |
| Set server metadata item | PUT /servers/{server_id}/metadata/{key} |
Admin | Sets a metadata item for a specified server. |
| Set image metadata item for a specified image | PUT /images/{image_id}/metadata/{key} |
Admin | Sets a metadata item for a specified image. |
| Delete server metadata item | DELETE /servers/{server_id}/metadata/{key} |
Admin | Deletes a metadata item for the specified server. |
| Delete image metadata item for a specified image | DELETE /images/{image_id}/metadata/{key} |
Admin | Deletes a metadata item for the specified image. |
| Retrieve list of limits including used limits | GET /limits |
Observer, Creator, Admin | Expands the limits operation to show the project usage, including RAM and instance quotas usage. |
| Enable scheduled images | POST /servers/{server_id}/rax-si-image-schedule |
Creator, Admin | Enables scheduled images on a server by creating an image_schedule resource. |
| Show scheduled images | GET /servers/{server_id}/rax-si-image-schedule |
Observer, Creator, Admin | Shows scheduled images for the specified server. |
| Disable scheduled images | DELETE /servers/{server_id}/rax-si-image-schedule |
Admin | Disables scheduled images by deleting the image_schedule resource that indicates the scheduled image service should create snapshots of this server. |
| Retrieve list of networks | GET /os-networksv2 |
Observer, Creator, Admin | Lists the networks configured for a specified tenant ID. |
| Create network | POST /os-networksv2 |
Creator, Admin | Creates a network for a specified tenant ID. |
| Create server with networks | POST /servers |
Creator, Admin | Provisions a new server with specified networks. |
| Show network | GET /os-networksv2/{network_id} |
Observer, Creator, Admin | Shows information for a specified network ID. |
| Delete network | DELETE /os-networksv2/{network_id} |
Admin | Deletes a specified network. |
| Retrieve list of virtual interfaces | GET /servers/{server_id}/os-virtual-interfacesv2 |
Observer, Creator, Admin | Lists all virtual interfaces configured for a server instance. |
| Create virtual interface and attach to server | POST /servers/{server_id}/os-virtual-interfacesv2 |
Creator, Admin | Creates a virtual interface for a network and attaches the network to a server instance. |
| Delete virtual interface | DELETE /servers/{server_id}/os-virtual-interfacesv2/{interface_id} |
Admin | Deletes a virtual interface from a server instance. |
Related article
Role-Based Access Control (RBAC) permissions matrix for Cloud Hosting
