Permissions matrix for Cloud Servers
Last updated on: 2016-12-06
Authored by: Renee Rendon
The Cloud Servers permissions matrix displays specific permissions for the following roles:
- Admin provides full access to create, read, update, and delete.
- Creator provides access to create, read, and update.
- Observer provides read-only access.
The matrix displays the Cloud Servers methods, their corresponding RESTful API commands, and the roles that are supported.
Method | API action | Role | Description |
---|---|---|---|
Retrieve list of servers | GET /servers | Observer, Creator, Admin | Lists IDs, names, and links for all servers. |
List servers with details | GET /servers/detail | Observer, Creator, Admin | Lists all details for all servers. |
Create server | POST /servers | Creator, Admin | Creates a server. |
Show server details | GET /servers/{server_id} | Observer, Creator, Admin | Lists details for a specified server. |
Update server | PUT /servers/{server_id} | Admin | Updates one or more editable attributes for a specified server. |
Delete server. Note: The user must also have a Cloud Block Storage Admin role. | DELETE /servers/{server_id} | Admin | Deletes a specified server. |
Create a server key pair | POST /os-keypairs | Creator, Admin | Generates a key pair consisting of a private key and a public key. |
Retrieve list of key pairs | GET /os-keypairs | Creator, Admin | Lists a key pair consisting of a private key and a public key. |
Delete key pair | DELETE /os-keypairs/{keypair_name} | Creator, Admin | Deletes a key pair of a specified name. |
Retrieve list of server addresses | GET /servers/{id}/ips | Observer, Creator, Admin | Lists all networks and server addresses associated with a specified server. |
List addresses by network | GET /servers/{id}/ips/{networkLabel} | Observer, Creator, Admin | Lists addresses associated with a specified server and network. |
Change password, Reboot server, Rebuild server, Resize server, Confirm server resize, Revert server resize, Rescue server, Unrescue server, and Create image | POST /servers/{server_id}/action | Admin | Performs the requested action. |
Attach volume to server. Note: The user must also have a Cloud Block Storage Admin or Creator role. | POST /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Attaches a volume to the specified server. |
List server volumes | GET /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Lists the attached volumes for the specified server. |
Show volume attachment details | GET /servers/{server_id}/os-volume_attachments/{attachment_id} | Observer, Creator, Admin | Lists volume details for the specified volume attachment ID. |
Delete volume attachment | DELETE /servers/{server_id}/os-volume_attachments/{attachment_id} | Admin | Deletes a specified volume attachment from a specified server instance. |
Retrieve list of flavors | GET /flavors | Observer, Creator, Admin | Lists IDs, names, and links for all available flavors. |
Retrieve list of flavors with details | GET /flavors/detail | Observer, Creator, Admin | Lists all details for all available flavors. |
Retrieve flavor details | GET /flavors/{flavor_id} | Observer, Creator, Admin | Lists details of the specified flavor. |
Retrieve list of images | GET /images | Observer, Creator, Admin | Lists IDs, names, and links for all available images. |
Retrieve list of images with details | GET /images/detail | Observer, Creator, Admin | Lists all details for all available images. |
Retrieve image details | GET /images/{image_id} | Observer, Creator, Admin | Lists details of the specified image. |
Delete image | DELETE /images/{image_id} | Admin | Deletes the specified image. |
List server metadata | GET /servers/{server_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with a server. |
Retrieve image metadata for a specified image | GET /images/{image_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with an image. |
Set server metadata | PUT /servers/{server_id}/metadata | Admin | Sets metadata for the specified server. |
Set image metadata for a specified image | POST /images/{image_id}/metadata | Admin | Sets metadata for the specified image. |
Update server metadata | POST /servers/{server_id}/metadata | Admin | Updates metadata items for the specified server. |
Show server metadata item details | GET /servers/{server_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with a server. |
Retrieve image metadata item for a specified image | GET /images/{image_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with an image. |
Set server metadata item | PUT /servers/{server_id}/metadata/{key} | Admin | Sets a metadata item for a specified server. |
Set image metadata item for a specified image | PUT /images/{image_id}/metadata/{key} | Admin | Sets a metadata item for a specified image. |
Delete server metadata item | DELETE /servers/{server_id}/metadata/{key} | Admin | Deletes a metadata item for the specified server. |
Delete image metadata item for a specified image | DELETE /images/{image_id}/metadata/{key} | Admin | Deletes a metadata item for the specified image. |
Retrieve list of limits including used limits | GET /limits | Observer, Creator, Admin | Expands the limits operation to show the project usage, including RAM and instance quotas usage. |
Enable scheduled images | POST /servers/{server_id}/rax-si-image-schedule | Creator, Admin | Enables scheduled images on a server by creating an image_schedule resource. |
Show scheduled images | GET /servers/{server_id}/rax-si-image-schedule | Observer, Creator, Admin | Shows scheduled images for the specified server. |
Disable scheduled images | DELETE /servers/{server_id}/rax-si-image-schedule | Admin | Disables scheduled images by deleting the image_schedule resource that indicates the scheduled image service should create snapshots of this server. |
Retrieve list of networks | GET /os-networksv2 | Observer, Creator, Admin | Lists the networks configured for a specified tenant ID. |
Create network | POST /os-networksv2 | Creator, Admin | Creates a network for a specified tenant ID. |
Create server with networks | POST /servers | Creator, Admin | Provisions a new server with specified networks. |
Show network | GET /os-networksv2/{network_id} | Observer, Creator, Admin | Shows information for a specified network ID. |
Delete network | DELETE /os-networksv2/{network_id} | Admin | Deletes a specified network. |
Retrieve list of virtual interfaces | GET /servers/{server_id}/os-virtual-interfacesv2 | Observer, Creator, Admin | Lists all virtual interfaces configured for a server instance. |
Create virtual interface and attach to server | POST /servers/{server_id}/os-virtual-interfacesv2 | Creator, Admin | Creates a virtual interface for a network and attaches the network to a server instance. |
Delete virtual interface | DELETE /servers/{server_id}/os-virtual-interfacesv2/{interface_id} | Admin | Deletes a virtual interface from a server instance. |
Related article
Role-Based Access Control (RBAC) permissions matrix for Cloud Hosting