Permissions Matrix for Cloud Networks

The Cloud Networks permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

  • Admin provides full access to create, read, update, and delete.
  • Creator provides limited access to create, read, and update.
  • Observer provides read-only access.

The matrix displays the Cloud Networks methods grouped by category, their corresponding RESTful API commands, and the roles that are supported.

Network operations

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of networks | GET /v2.0/networks | Observer, Creator, Admin | Retrieves list of networks to which the specified tenant has access. |
| Create network | POST /v2.0/networks | Creator, Admin | Creates a network. |
| Show network | GET /v2.0/networks/{network_id} | Observer, Creator, Admin | Retrieves information for a specified network. |
| Update network | PUT /v2.0/networks/{network_id} | Creator, Admin | Updates certain network attributes. |
| Delete network | DELETE /v2.0/networks/{network_id} | Admin | Deletes a specified network and its associated resources. |

Subnet operations

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of subnets | GET /v2.0/subnets | Observer, Creator, Admin | Retrieves list of subnets to which the specified tenant has access. |
| Create subnet | POST /v2.0/subnets | Creator, Admin | Creates a subnet on a specified network. |
| Show subnet | GET /v2.0/subnets/{subnet_id} | Observer, Creator, Admin | Retrieves information for a specified subnet. |
| Update subnet | PUT /v2.0/subnets/{subnet_id} | Creator, Admin | Updates a specified subnet. |
| Delete subnet | DELETE /v2.0/subnets/{subnet_id} | Admin | Deletes a specified subnet. |

Port operations

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of ports | GET /v2.0/ports | Observer, Creator, Admin | Retrieves list of ports to which the tenant has access. |
| Create port | POST /v2.0/ports | Creator, Admin | Creates a port on a specified network. |
| Show port | GET /v2.0/ports/{port_id} | Observer, Creator, Admin | Retrieves information for a specified port. |
| Update port | PUT /v2.0/ports/{port_id} | Creator, Admin | Updates a specified port. |
| Delete port | DELETE /v2.0/ports/{port_id} | Admin | Deletes a specified port. |

Security groups operations

Note: The Security Groups API is currently in Limited Availability. It is available only to Managed Infrastructure customers and not to RackConnect or Managed Operations customers. To use this feature, contact Rackspace Support.

| Method | API action | Role | Description |
|---|---|---|---|
| List security groups | GET /v2.0/security-groups | Observer, Creator, Admin | Retrieves a list of all security groups to which the specified tenant has access. |
| Create security group | POST /v2.0/security-groups | Creator, Admin | Creates a security group with default security group rules for the IPv4 and IPv6 ether types. |
| Show security group | GET /v2.0/security-groups/{security_group_id} | Observer, Creator, Admin | Retrieves information about the specified security group. |
| Delete security group | DELETE /v2.0/security-groups/{security_group_id} | Admin | Deletes a security group and its associated security group rules. The delete operation fails if a port is associated with the security group. |
| List security group rules | GET /v2.0/security-group-rules | Observer, Creator, Admin | Retrieves a list of security group rules for the requestor with the unique ID for each security group rule. |
| Create security group rule | POST /v2.0/security-group-rules | Creator, Admin | Creates a security group rule. |
| Show security group rule | GET /v2.0/security-group-rules/{rules-security-groups-id} | Observer, Creator, Admin | Retrieves information about the specified security group rule. |
| Delete security group rule | DELETE /v2.0/security-group-rules/{rules-security-groups-id} | Admin | Deletes the specified rule from a security group. |

Shared IP address operations

Note: The Shared IP Addresses API is available to all customers except RackConnect customers.

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of IP addresses | GET /v2.0/ip_addresses | Observer, Creator, Admin | Retrieves list of IP addresses for the specified tenant. |
| Retrieve list of IP addresses explicitly associated with a server | GET /v2/servers/{serverID}/ip_associations | Observer, Creator, Admin | Retrieves list of IP addresses that are explicitly associated with a server. |
| Provision IP address | POST /v2.0/ip_addresses | Creator, Admin | Provisions an IP address on a specified network. |
| Update ports with an IP address | PUT /v2.0/ip_addresses/{ipAddressID} | Admin | Updates the port IDs that are sharing an IP address, using the IP address ID. |
| Show IP address details | GET /v2.0/ip_addresses/{ipAddressID} | Observer, Creator, Admin | Retrieves information for a specified IP address, using the IP address ID. |
| De-allocate IP address | DELETE /v2.0/ip_addresses/{ipAddressID} | Admin | De-allocates the specified associated IP address from the tenant, using the associated IP address ID. |
| Explicitly associate IP address with server. Note: Before using this operation, you must use the POST ip_addresses operation to provision the IP addresses. | PUT /v2/servers/{serverID}/ip_associations/{IPAddressID} | Admin | Explicitly associates an IP address with a server. |
| Show specific IP addresses explicitly associated with server | GET /v2/servers/{serverID}/ip_associations/{IPAddressID} | Observer, Creator, Admin | Retrieves information for a specific IP address explicitly associated with a server using the /ip_associations operation by specifying the associated IP address ID. |
| Delete association between IP address and server | DELETE /v2/servers/{serverID}/ip_associations/{IPAddressID} | Admin | Deletes the association between the server and the associated IP address, using the associated IP address ID. |
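
The matrix can be applied as a check over API audit records. The following is an added example, not Rackspace code: it derives the roles the matrix lists from the HTTP method and path, including the two PUT rows restricted to Admin, and flags requests that fall outside a role's rows or outside the matrix. The record layout, function names and ID placeholders are assumptions.

```python
import re

ALL = frozenset({"Observer", "Creator", "Admin"})
WRITERS = frozenset({"Creator", "Admin"})
ADMIN = frozenset({"Admin"})

# Collection path (regex) -> methods the matrix lists on the collection
# and on a single item ({id}) of that collection.
RESOURCES = {
    r"/v2\.0/networks": ("GET POST", "GET PUT DELETE"),
    r"/v2\.0/subnets": ("GET POST", "GET PUT DELETE"),
    r"/v2\.0/ports": ("GET POST", "GET PUT DELETE"),
    r"/v2\.0/security-groups": ("GET POST", "GET DELETE"),
    r"/v2\.0/security-group-rules": ("GET POST", "GET DELETE"),
    r"/v2\.0/ip_addresses": ("GET POST", "GET PUT DELETE"),
    r"/v2/servers/[^/]+/ip_associations": ("GET", "GET PUT DELETE"),
}
# PUT rows the matrix restricts to Admin instead of Creator, Admin.
ADMIN_ONLY_PUT = ("ip_addresses", "ip_associations")

def allowed_roles(method, path):
    """Return the roles the matrix lists for a request, or None if unlisted."""
    for prefix, (coll, item) in RESOURCES.items():
        m = re.fullmatch(prefix + r"(/[^/]+)?/?", path)
        if not m:
            continue
        if method not in (item if m.group(1) else coll).split():
            return None  # path is known, but the matrix has no such row
        if method == "GET":
            return ALL
        if method == "DELETE":
            return ADMIN
        if method == "PUT" and prefix.endswith(ADMIN_ONLY_PUT):
            return ADMIN
        return WRITERS
    return None

def violations(records):
    """Return the (role, method, path) records not covered by the matrix."""
    return [r for r in records
            if (roles := allowed_roles(r[1], r[2])) is None or r[0] not in roles]

# Constructed audit records; the IDs are placeholders.
SAMPLE = [
    ("Observer", "GET", "/v2.0/networks"),
    ("Creator", "PUT", "/v2.0/ports/PORT_ID"),
    ("Creator", "PUT", "/v2.0/ip_addresses/IP_ID"),   # Admin-only PUT
    ("Creator", "DELETE", "/v2.0/subnets/SUBNET_ID"),
    ("Admin", "PUT", "/v2.0/security-groups/SG_ID"),  # no such row
]
```
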

Related article

Role-based Access Control (RBAC) permissions matrix for Cloud Hosting