Permissions matrix for Cloud Orchestration

  • Last updated on: 2017-01-20
  • Authored by: Renee Rendon

The Cloud Orchestration permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

  • Admin provides full access to create, read, update, and delete.
  • Creator provides limited access to create, read, and update.
  • Observer provides read-only access.

The matrix displays the Cloud Orchestration methods grouped by category, their corresponding RESTful API commands, and the RBAC roles that are supported.

Stack operations

Note: Orchestration users need access to any products used in their templates.

Method API action Role Description
Create stack POST /v1/{tenant_id}/stacks Creator, Admin Creates a stack.
Adopt stack POST /v1/{tenant_id}/stacks Creator, Admin Creates a stack from existing resources.
List stack data GET /v1/{tenant_id}/stacks Observer, Creator, Admin Lists active stacks.
Find stack GET /v1/{tenant_id}/stacks/{stack_name} Observer, Creator, Admin Finds the canonical URL for a specified stack. This URL works with operations other than GET, so you can perform PUT and DELETE operations on a stack.
Show stack details GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id} Observer, Creator, Admin Shows details for a specified stack.
Update stack PUT /v1/{tenant_id}/stacks/{stack_name}/{stack_id} Creator, Admin Updates a specified stack.
Delete stack DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id} Admin Deletes a specified stack and any snapshots of that stack.
Preview stack POST /v1/{tenant_id}/stacks/preview Creator, Admin Previews a stack.
Abandon stack DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon Admin Deletes a specified stack but leaves its resources intact, and returns data describing the stack and its resources.

Stack resources

Method API action Role Description
Find stack resources GET /v1/{tenant_id}/stacks/{stack_name}/resources Observer, Creator, Admin Finds the canonical URL for the resource list of a specified stack.
List resources GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources Observer, Creator, Admin Lists the resources in a stack.
Show resource data GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name} Observer, Creator, Admin Shows the data for a specified resource.
List resource types GET /v1/{tenant_id}/resource_types Observer, Creator, Admin Lists the supported template resource types.
Show resource schema GET /v1/{tenant_id}/resource_types/{type_name} Observer, Creator, Admin Shows the interface schema for a specified resource type.
Show resource template GET /v1/{tenant_id}/resource_types/{type_name}/template Observer, Creator, Admin Shows the template representation for a specified resource type.

Stack events

Method API action Role Description
Find stack events GET /v1/{tenant_id}/stacks/{stack_name}/events Observer, Creator, Admin Finds the canonical URL for the event list of a specified stack.
List stack events GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events Observer, Creator, Admin Lists events for a specified stack.
List resource events GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events Observer, Creator, Admin Lists events for a specified stack resource.
Show event details GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id} Observer, Creator, Admin Shows data about a specified event.

Templates

Method API action Role Description
Get stack template GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template Observer, Creator, Admin Gets a template for a specified stack.
Validate template POST /v1/{tenant_id}/validate Creator, Admin Validates a specified template.

Build information

Method API action Role Description
Show build information GET /v1/{tenant_id}/build_info Observer, Creator, Admin Shows build information for an Orchestration deployment.

Related article

Role-based Access Control (RBAC) permissions matrix for Cloud Hosting

Continue the conversation in the Rackspace Community.