Permissions Matrix for Cloud Databases

The Cloud Databases permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

  • Admin provides full access to create, read, update, and delete.
  • Creator provides access to create, read, and update.
  • Observer provides read-only access.

The matrix displays the Cloud Databases methods grouped by category, their corresponding RESTful API commands, and the RBAC roles that are supported.

Versions

| Method | API action | Role | Description |
|---|---|---|---|
| List versions | GET / | Admin, Creator, Observer | Lists information about all versions of the API. |
| List version details | GET /{version} | Admin, Creator, Observer | Returns detailed information about the specified version of the API. |

Database instances

| Method | API action | Role | Description |
|---|---|---|---|
| Create a database instance | POST /{version}/{accountId}/instances | Admin, Creator | Creates a new database instance. |
| List all database instances | GET /{version}/{accountId}/instances | Admin, Creator, Observer | Lists the status and information for all database instances. |
| Update a database instance | PUT /{version}/{accountId}/instances/{instanceId} | Admin, Creator | Associates a specified database instance with the configuration group. |
| Change database instance name | PATCH /{version}/{accountId}/instances/{instanceId} | Admin, Creator | Changes the name of the instance to the new specified name. |
| List database instance status and details | GET /{version}/{accountId}/instances/{instanceId} | Admin, Creator, Observer | Lists status and details for the specified database instance. |
| Delete a database instance | DELETE /{version}/{accountId}/instances/{instanceId} | Admin | Deletes the specified database instance. |
| Get the default configuration | GET /{version}/{accountId}/instances/{instanceId}/configuration | Admin, Creator, Observer | Lists the default MySQL configuration settings from the template that were applied to the specified instance. |
| Enable the root user | POST /{version}/{accountId}/instances/{instanceId}/root | Admin | Enables the root user for the specified database instance and returns the root password. |
| List root-enabled status | GET /{version}/{accountId}/instances/{instanceId}/root | Admin, Creator, Observer | Returns true if the root user is enabled for the specified database instance. Returns false otherwise. |

Database instance actions

| Method | API action | Role | Description |
|---|---|---|---|
| Restart an instance | POST /{version}/{accountId}/instances/{instanceId}/action | Admin | Restarts the database service on the specified instance. |
| Resize an instance | POST /{version}/{accountId}/instances/{instanceId}/action | Admin | Resizes the memory of the specified instance. |
| Resize the instance volume | POST /{version}/{accountId}/instances/{instanceId}/action | Admin | Resizes the volume attached to the instance. |

Databases

| Method | API action | Role | Description |
|---|---|---|---|
| Create a database | POST /{version}/{accountId}/instances/{instanceId}/databases | Admin, Creator | Creates a new database within the specified instance. |
| List databases for an instance | GET /{version}/{accountId}/instances/{instanceId}/databases | Admin, Creator, Observer | Lists databases for the specified instance. |
| Delete a database | DELETE /{version}/{accountId}/instances/{instanceId}/databases/{databaseName} | Admin | Deletes the specified database. |

Users

| Method | API action | Role | Description |
|---|---|---|---|
| Create a user | POST /{version}/{accountId}/instances/{instanceId}/users | Admin, Creator | Creates a user for the specified database instance. |
| List a user | GET /{version}/{accountId}/instances/{instanceId}/users | Admin, Creator, Observer | Lists the users in the specified database instance. |
| List users in a database instance | GET /{version}/{accountId}/instances/{instanceId}/users/{name} | Admin, Creator, Observer | Lists the specified user's name and a list of databases that the user can access. |
| List user access | GET /{version}/{accountId}/instances/{instanceId}/users/{name}/databases | Admin, Creator, Observer | Lists all the databases to which the specified user has access. |
| Grant user access | PUT /{version}/{accountId}/instances/{instanceId}/users/{name}/databases | Admin, Creator | Grants access for the specified user to one or more databases for the specified instance. |
| Revoke user access | DELETE /{version}/{accountId}/instances/{instanceId}/users/{name}/databases/{database} | Admin | Removes access to the specified database for the specified user. |
| Delete a user | DELETE /{version}/{accountId}/instances/{instanceId}/users/{name} | Admin | Deletes the specified user from the specified database instance. |
| Change user passwords | PUT /{version}/{accountId}/instances/{instanceId}/users | Admin | Changes the user passwords for the specified database instance. |
| Modify user attributes | PUT /{version}/{accountId}/instances/{instanceId}/users/{name} | Admin | Modifies one or more of the following values for the specified user: name, password, or the host from which the user is allowed to connect to the database. |

Flavors

| Method | API action | Role | Description |
|---|---|---|---|
| List flavors | GET /{version}/{accountId}/flavors | Admin, Creator, Observer | Lists information for all available flavors. |
| List flavors by ID | GET /{version}/{accountId}/flavors/{flavorId} | Admin, Creator, Observer | Lists information about the specified flavor. |
| List flavors for the datastore version | GET /{version}/{accountId}/datastores/{datastoreType}/versions/{versionId}/flavors | Admin, Creator, Observer | Lists flavors for a datastore version. |

On-demand backups

Note: Any user who calls the on-demand backup operations for Cloud Databases must have access to Cloud Files.

| Method | API action | Role | Description |
|---|---|---|---|
| Create a backup | POST /{version}/{accountId}/backups | Admin, Creator | Creates a new backup for a database instance. |
| Delete a backup | DELETE /{version}/{accountId}/backups/{backupId} | Admin | Deletes the specified backup. |
| List backups | GET /{version}/{accountId}/backups | Admin, Creator, Observer | Lists all backups for all database instances. |
| List backup by ID | GET /{version}/{accountId}/backups/{backupId} | Admin, Creator, Observer | Lists details about the specified backup. |
| List backups for instance | GET /{version}/{accountId}/instance/{instanceId}/backups | Admin, Creator, Observer | Lists all backups for the specified instance. |
| Restore a backup | POST /{version}/{accountId}/instances | Admin, Creator | Creates a new database instance from a backup. |

Scheduled Backups

Note: Any user who calls the scheduled backup operations for Cloud Databases must have access to Cloud Files.

| Method | API action | Role | Description |
|---|---|---|---|
| Create a scheduled backup | POST /{version}/{accountId}/schedules | Admin, Creator | Creates a schedule for running a backup periodically. |
| List scheduled backups | GET /{version}/{accountId}/schedules | Admin, Creator, Observer | Lists all scheduled backups for all database instances for an account. |
| List the schedule for running a backup | GET /{version}/{accountId}/schedules/{scheduleId} | Admin, Creator, Observer | Lists the specified schedule for running a backup. |
| Delete the schedule for running a backup | DELETE /{version}/{accountId}/schedules/{scheduleId} | Admin | Deletes the specified schedule for running a backup. |
| Update schedule for backups by schedule ID | PUT /{version}/{accountId}/schedules/{scheduleId} | Admin, Creator | Updates the schedule for running backups for the specified schedule. |

Replication

| Method | API action | Role | Description |
|---|---|---|---|
| Create a replica. Note: Because the process of creating a replica creates a backup, the user calling this operation must have access to Cloud Files. | POST /{version}/{accountId}/instances | Admin, Creator | Creates a replica of the source instance. |
| List all replicas and replica source database instances | GET /{version}/{accountId}/instances | Admin, Creator, Observer | Lists the status and information for all replicas or replica sources. |
| List a replica source | GET /{version}/{accountId}/instances/{instanceId} | Admin, Creator, Observer | Lists status and details for the specified source instance. |
| List replica details | GET /{version}/{accountId}/instances/{instanceId} | Admin, Creator, Observer | Lists status and details for the specified replica. |
| Detach a replica | PATCH /{version}/{accountId}/instances/{instanceId} | Admin, Creator | Detaches the specified replica instance from its source instance. |
| List replicas for a source instance | GET /{version}/{accountId}/instances/{instanceId}/replicas | Admin, Creator, Observer | Lists replicas for the specified source instance. |
| Convert replication setup to HA | POST /{version}/{accountId}/instances/{instanceId}/action | Admin | Converts the replication setup to HA. |

High availability

| Method | API action | Role | Description |
|---|---|---|---|
| Create an HA database instance | POST /{version}/{accountId}/ha | Admin, Creator | Creates a new HA instance. |
| List all HA database instances | GET /{version}/{accountId}/ha | Admin, Creator, Observer | Lists all the HA database instances. |
| List HA database instance details | GET /{version}/{accountId}/ha/{haId} | Admin, Creator, Observer | Lists details for a specified HA instance. |
| Delete an HA database instance | DELETE /{version}/{accountId}/ha/{haId} | Admin | Deletes an HA database instance. |
| Add ACLs to an HA instance | POST /{version}/{accountId}/ha/{haId}/acls | Admin, Creator | Adds access control lists (ACLs) to an HA instance. |
| List ACLs for an HA instance | GET /{version}/{accountId}/ha/{haId}/acls | Admin, Creator, Observer | Lists ACLs for an HA instance. |
| Delete ACLs from an HA instance | DELETE /{version}/{accountId}/ha/{haId}/acls/{address} | Admin | Deletes ACLs from an HA instance. |
| Add a replica to an HA instance. Note: Adding a new replica node would restart the mha manager service (which monitors the source/replica instances to trigger failover) and the haproxy service on the load balancer nodes. | POST /{version}/{accountId}/ha/{haId}/action | Admin, Creator | Adds a replica node to the HA group specified by {ha_id}. |

Configurations

| Method | API action | Role | Description |
|---|---|---|---|
| List configurations | GET /{version}/{accountId}/configurations | Admin, Creator, Observer | Lists all defined configuration groups for the tenant. |
| Create a configuration | POST /{version}/{accountId}/configurations | Admin, Creator | Creates a new configuration group. |
| List configuration details | GET /configurations/{configId} | Admin, Creator, Observer | Lists details for the specified configuration group. |
| Update some configuration parameters | PATCH /configurations/{configId} | Admin, Creator | Updates some of the configuration parameters associated with the specified configuration group. |
| Replace all configuration parameters | PUT /{version}/{accountId}/configurations/{configId} | Admin, Creator | Replaces all the configuration parameters associated with the specified configuration group. |
| Delete configuration group | DELETE /{version}/{accountId}/configurations/{configId} | Admin | Deletes the specified configuration group. |
| List instances for a configuration | GET /{version}/{accountId}/configurations/{configId}/instances | Admin, Creator, Observer | Lists instances that are associated with the specified configuration group. |

Configuration parameters

| Method | API action | Role | Description |
|---|---|---|---|
| List configuration parameters | GET /{version}/{accountId}/datastores/{datastoreId}/versions/{versionId}/parameters | Admin, Creator, Observer | Lists configuration parameters that might be configured on the system. |
| List configuration parameter details | GET /{version}/{accountId}/datastores/{datastoreId}/versions/{versionId}/parameters/{parameterId} | Admin, Creator, Observer | Lists the details of a specified configuration parameter that might be configured on the system. |
| List configuration parameters without datastore | GET /{version}/{accountId}/datastores/versions/{versionId}/parameters | Admin, Creator, Observer | Lists the configuration parameters that might be configured on the system without specifying a datastore. |
| List configuration parameter details without datastore | GET /{version}/{accountId}/datastores/versions/{versionId}/parameters/{parameterId} | Admin, Creator, Observer | Lists the details of a specified configuration parameter that might be configured on the system without specifying a datastore. |
| List verbose default configuration parameters | GET /datastore/version/{versionId}/configuration/{flavorId} | Admin, Creator, Observer | Lists the default configuration parameters for a datastore version flavor without specifying a datastore. |

Datastore types and versions

| Method | API action | Role | Description |
|---|---|---|---|
| List all datastore types | GET /{version}/{accountId}/datastores | Admin, Creator, Observer | Lists all datastore types. |
| List datastore type | GET /{version}/{accountId}/datastores/{datastoreId} | Admin, Creator, Observer | Lists all the datastore types for the specified datastore. |
| List datastore versions for a datastore | GET /{version}/{accountId}/datastores/{datastoreId}/versions | Admin, Creator, Observer | Lists all versions for the specified datastore. |
| List datastore version | GET /{version}/{accountId}/datastores/{datastoreId}/versions/{versionId} | Admin, Creator, Observer | Lists the specified datastore version for the specified datastore. |
