Permissions Matrix for Next Generation Cloud Servers
The Cloud Servers permissions matrix displays specific permissions for the
following roles:
- Admin provides full access to create, read, update, and delete.
- Creator provides access to create, read, and update.
- Observer provides read-only access.
The matrix displays the Cloud Servers methods, their corresponding RESTful API commands,
and the roles that are supported.
Method | API action | Role | Description |
---|---|---|---|
Retrieve list of servers | GET /servers | Observer, Creator, Admin | Lists IDs, names, and links for all servers. |
List servers with details | GET /servers/detail | Observer, Creator, Admin | Lists all details for all servers. |
Create server | POST /servers | Creator, Admin | Creates a server. |
Show server details | GET /servers/{server_id} | Observer, Creator, Admin | Lists details for a specified server. |
Update server | PUT /servers/{server_id} | Admin | Updates one or more editable attributes for a specified server. |
Delete server Note: The user must also have a Cloud Block Storage Admin role. | DELETE /servers/{server_id} | Admin | Deletes a specified server. |
Create a server key pair | POST /os-keypairs } | Creator, Admin | Generates a key pair consisting of a private key and a public key. |
Retrieve list of key pairs | GET /os-keypairs | Creator, Admin | Lists a key pair consisting of a private key and a public key. |
Delete key pair | DELETE /os-keypairs/{keypair_name} | Creator, Admin | Deletes a key pair of a specified name. |
Retrieve list of server addresses | GET /servers/{id}/ips | Observer, Creator, Admin | Lists all networks and server addresses associated with a specified server. |
List Addresses by Network | GET /servers/{id}/ips/{networkLabel} | Observer, Creator, Admin | Lists addresses associated with a specified server and network. |
Change password, Reboot server, Rebuild server, Resize server, Confirm server resize, Revert server resize, Rescue server, Unrescue server, and Create image | POST /servers/{server_id}/action | Admin | Performs the requested action. |
Attach volume to server Note: The user must also have a Cloud Block Storage Admin or Creator role. | POST /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Attaches a volume to the specified server. |
List server volumes | GET /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Lists the attached volumes for the specified server. |
Show volume attachment details | GET /servers/{server_id}/os-volume_attachments/{attachment_id} | Observer, Creator, Admin | Lists volume details for the specified volume attachment ID. |
Delete volume attachment | DELETE /servers/{server_id}/os-volume_attachments/{attachment_id} | Admin | Deletes a specified volume attachment from a specified server instance. |
Retrieve list of flavors | GET /flavors | Observer, Creator, Admin | Lists IDs, names, and links for all available flavors. |
Retrieve list of flavors with details | GET /flavors/detail | Observer, Creator, Admin | Lists all details for all available flavors. |
Retrieve flavor details | GET /flavors/{flavor_id} | Observer, Creator, Admin | Lists details of the specified flavor. |
Retrieve list of images | GET /images | Observer, Creator, Admin | Lists IDs, names, and links for all available images. |
Retrieve list of images with details | GET /images/detail | Observer, Creator, Admin | List all details for all available images. |
Retrieve image details | GET /images/{image_id} | Observer, Creator, Admin | Lists details of the specified image |
Delete image | DELETE /images/{image_id} | Admin | Deletes the specified image. |
List server metadata | GET /servers/{server_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with a server. |
Retrieve image metadata for a specified image | GET /images/{image_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with an image. |
Set server metadata | PUT /servers/{server_id}/metadata | Admin | Sets metadata for the specified server. |
Set image metadata for a specified image | POST /images/{image_id}/metadata | Admin | Sets metadata for the specified image. |
Update server metadata | POST /servers/{server_id}/metadata | Admin | Updates metadata items for the specified server. |
Show server metadata item details | GET /servers/{server_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with a server. |
Retrieve image metadata item for a specified image | GET /images/{image_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with an image. |
Set server metadata item | PUT /servers/{server_id}/metadata/{key} | Admin | Sets a metadata item for a specified server. |
Set image metadata item for a specified image | PUT /images/{image_id}/metadata/{key} | Admin | Sets a metadata item for a specified image. |
Delete server metadata item | DELETE /servers/{server_id}/metadata/{key} | Admin | Deletes a metadata item for the specified server. |
Delete image metadata item for a specified image | DELETE /images/{image_id}/metadata/{key} | Admin | Deletes a metadata item for the specified image. |
Retrieve list of limits including used limits | GET /limits | Observer, Creator, Admin | Expands the limits operation to show the project usage, including RAM and instance quotas usage. |
Enable scheduled images | POST /servers/{server_id}/rax-si-image-schedule | Creator, Admin | Enables scheduled images on a server by creating an image_schedule resource. |
Show scheduled images | GET /servers/{server_id}/rax-si-image-schedule | Observer, Creator, Admin | Shows scheduled images for the specified server. |
Disable scheduled images | DELETE /servers/{server_id}/rax-si-image-schedule | Admin | Disables scheduled images by deleting the image_schedule resource that indicates the scheduled image service should create snapshots of this server. |
Retrieve list of networks | GET /os-networksv2 | Observer, Creator, Admin | Lists the networks configured for a specified tenant ID. |
Create network | POST /os-networksv2 | Creator, Admin | Creates a network for a specified tenant ID. |
Create server with networks | POST /servers | Creator, Admin | Provisions a new server with specified networks. |
Show network | GET /os-networksv2/{network_id} | Observer, Creator, Admin | Shows information for a specified network ID. |
Delete network | DELETE /os-networksv2/{network_id} | Admin | Deletes a specified network. |
Retrieve list of virtual interfaces | GET /servers/{server_id}/os-virtual-interfacesv2 | Observer, Creator, Admin | Lists all virtual interfaces configured for a server instance. |
Create virtual interface and attach to server | POST /servers/{server_id}/os-virtual-interfacesv2 | Creator, Admin | Creates a virtual interface for a network and attaches the network to a server instance. |
Delete virtual interface | DELETE /servers/{server_id}/os-virtual-interfacesv2/{interface_id} | Admin | Deletes a virtual interface from a server instance. |
Related article
Role-Based Access Control (RBAC) permissions matrix for Cloud Hosting
Updated about 1 year ago