Permissions matrix for Cloud Servers

  • Last updated on: 2016-12-06
  • Authored by: Renee Rendon

The Cloud Servers permissions matrix displays specific permissions for the following roles:

  • Admin provides full access to create, read, update, and delete.
  • Creator provides access to create, read, and update.
  • Observer provides read-only access.

The matrix displays the Cloud Servers methods, their corresponding RESTful API commands, and the roles that are supported.

| Method | API action | Role | Description |
|---|---|---|---|
| Retrieve list of servers | GET /servers | Observer, Creator, Admin | Lists IDs, names, and links for all servers. |
| List servers with details | GET /servers/detail | Observer, Creator, Admin | Lists all details for all servers. |
| Create server | POST /servers | Creator, Admin | Creates a server. |
| Show server details | GET /servers/{server_id} | Observer, Creator, Admin | Lists details for a specified server. |
| Update server | PUT /servers/{server_id} | Admin | Updates one or more editable attributes for a specified server. |
| Delete server (Note: The user must also have a Cloud Block Storage Admin role.) | DELETE /servers/{server_id} | Admin | Deletes a specified server. |
| Create a server key pair | POST /os-keypairs | Creator, Admin | Generates a key pair consisting of a private key and a public key. |
| Retrieve list of key pairs | GET /os-keypairs | Creator, Admin | Lists a key pair consisting of a private key and a public key. |
| Delete key pair | DELETE /os-keypairs/{keypair_name} | Creator, Admin | Deletes a key pair of a specified name. |
| Retrieve list of server addresses | GET /servers/{id}/ips | Observer, Creator, Admin | Lists all networks and server addresses associated with a specified server. |
| List Addresses by Network | GET /servers/{id}/ips/{networkLabel} | Observer, Creator, Admin | Lists addresses associated with a specified server and network. |
| Change password, Reboot server, Rebuild server, Resize server, Confirm server resize, Revert server resize, Rescue server, Unrescue server, and Create image | POST /servers/{server_id}/action | Admin | Performs the requested action. |
| Attach volume to server (Note: The user must also have a Cloud Block Storage Admin or Creator role.) | POST /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Attaches a volume to the specified server. |
| List server volumes | GET /servers/{server_id}/os-volume_attachments | Observer, Creator, Admin | Lists the attached volumes for the specified server. |
| Show volume attachment details | GET /servers/{server_id}/os-volume_attachments/{attachment_id} | Observer, Creator, Admin | Lists volume details for the specified volume attachment ID. |
| Delete volume attachment | DELETE /servers/{server_id}/os-volume_attachments/{attachment_id} | Admin | Deletes a specified volume attachment from a specified server instance. |
| Retrieve list of flavors | GET /flavors | Observer, Creator, Admin | Lists IDs, names, and links for all available flavors. |
| Retrieve list of flavors with details | GET /flavors/detail | Observer, Creator, Admin | Lists all details for all available flavors. |
| Retrieve flavor details | GET /flavors/{flavor_id} | Observer, Creator, Admin | Lists details of the specified flavor. |
| Retrieve list of images | GET /images | Observer, Creator, Admin | Lists IDs, names, and links for all available images. |
| Retrieve list of images with details | GET /images/detail | Observer, Creator, Admin | Lists all details for all available images. |
| Retrieve image details | GET /images/{image_id} | Observer, Creator, Admin | Lists details of the specified image. |
| Delete image | DELETE /images/{image_id} | Admin | Deletes the specified image. |
| List server metadata | GET /servers/{server_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with a server. |
| Retrieve image metadata for a specified image | GET /images/{image_id}/metadata | Observer, Creator, Admin | Lists all metadata associated with an image. |
| Set server metadata | PUT /servers/{server_id}/metadata | Admin | Sets metadata for the specified server. |
| Set image metadata for a specified image | POST /images/{image_id}/metadata | Admin | Sets metadata for the specified image. |
| Update server metadata | POST /servers/{server_id}/metadata | Admin | Updates metadata items for the specified server. |
| Show server metadata item details | GET /servers/{server_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with a server. |
| Retrieve image metadata item for a specified image | GET /images/{image_id}/metadata/{key} | Observer, Creator, Admin | Retrieves a single metadata item associated with an image. |
| Set server metadata item | PUT /servers/{server_id}/metadata/{key} | Admin | Sets a metadata item for a specified server. |
| Set image metadata item for a specified image | PUT /images/{image_id}/metadata/{key} | Admin | Sets a metadata item for a specified image. |
| Delete server metadata item | DELETE /servers/{server_id}/metadata/{key} | Admin | Deletes a metadata item for the specified server. |
| Delete image metadata item for a specified image | DELETE /images/{image_id}/metadata/{key} | Admin | Deletes a metadata item for the specified image. |
| Retrieve list of limits including used limits | GET /limits | Observer, Creator, Admin | Expands the limits operation to show the project usage, including RAM and instance quotas usage. |
| Enable scheduled images | POST /servers/{server_id}/rax-si-image-schedule | Creator, Admin | Enables scheduled images on a server by creating an image_schedule resource. |
| Show scheduled images | GET /servers/{server_id}/rax-si-image-schedule | Observer, Creator, Admin | Shows scheduled images for the specified server. |
| Disable scheduled images | DELETE /servers/{server_id}/rax-si-image-schedule | Admin | Disables scheduled images by deleting the image_schedule resource that indicates the scheduled image service should create snapshots of this server. |
| Retrieve list of networks | GET /os-networksv2 | Observer, Creator, Admin | Lists the networks configured for a specified tenant ID. |
| Create network | POST /os-networksv2 | Creator, Admin | Creates a network for a specified tenant ID. |
| Create server with networks | POST /servers | Creator, Admin | Provisions a new server with specified networks. |
| Show network | GET /os-networksv2/{network_id} | Observer, Creator, Admin | Shows information for a specified network ID. |
| Delete network | DELETE /os-networksv2/{network_id} | Admin | Deletes a specified network. |
| Retrieve list of virtual interfaces | GET /servers/{server_id}/os-virtual-interfacesv2 | Observer, Creator, Admin | Lists all virtual interfaces configured for a server instance. |
| Create virtual interface and attach to server | POST /servers/{server_id}/os-virtual-interfacesv2 | Creator, Admin | Creates a virtual interface for a network and attaches the network to a server instance. |
| Delete virtual interface | DELETE /servers/{server_id}/os-virtual-interfacesv2/{interface_id} | Admin | Deletes a virtual interface from a server instance. |
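The matrix above can drive a least-privilege review: given the API calls an account actually makes, find the lowest role that still covers them. The following is an added example, not Rackspace code; it encodes only a subset of the rows and uses a constructed call log. It assumes the roles are ordered Observer < Creator < Admin (true of every row on this page), that paths are relative as written in the matrix, and it does not model the Cloud Block Storage role notes.

```python
import re

RANK = {"Observer": 0, "Creator": 1, "Admin": 2}

# Subset of the matrix: (HTTP verb, path template, lowest role listed for the row).
MATRIX = [
    ("GET", "/servers", "Observer"),
    ("GET", "/servers/detail", "Observer"),
    ("POST", "/servers", "Creator"),
    ("GET", "/servers/{server_id}", "Observer"),
    ("PUT", "/servers/{server_id}", "Admin"),
    ("DELETE", "/servers/{server_id}", "Admin"),
    ("POST", "/servers/{server_id}/action", "Admin"),
    ("GET", "/os-keypairs", "Creator"),
    ("POST", "/os-keypairs", "Creator"),
    ("GET", "/images/{image_id}", "Observer"),
    ("DELETE", "/images/{image_id}", "Admin"),
]

def _compile(template):
    # Each {placeholder} matches exactly one path segment.
    parts = re.split(r"\{[^}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")

_RULES = [(v, _compile(t), t.count("{"), role) for v, t, role in MATRIX]

def required_role(verb, path):
    """Lowest role the matrix lists for this call, or None if it is not in the subset."""
    path = path.split("?")[0].rstrip("/")
    hits = [(n, role) for v, rx, n, role in _RULES
            if v == verb.upper() and rx.match(path)]
    # Fewest placeholders wins, so /servers/detail is not read as a server ID.
    return min(hits, key=lambda h: h[0])[1] if hits else None

def minimal_role(calls):
    """Return (lowest role covering every known call, calls missing from the matrix)."""
    needed, unknown = "Observer", []
    for verb, path in calls:
        role = required_role(verb, path)
        if role is None:
            unknown.append((verb, path))
        elif RANK[role] > RANK[needed]:
            needed = role
    return needed, unknown

def over_privileged(assigned, calls):
    """True when the assigned role ranks above what the observed calls need."""
    return RANK[assigned] > RANK[minimal_role(calls)[0]]

# Constructed sample: calls observed for two hypothetical Admin accounts.
CI_BOT = [("GET", "/servers/detail"), ("POST", "/servers"), ("GET", "/images/77")]
OPS = [("GET", "/servers/1234"), ("POST", "/servers/1234/action")]
```

Calls returned in the `unknown` list need manual review before a role is lowered, because the subset cannot say what they require.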

Related article

Role-Based Access Control (RBAC) permissions matrix for Cloud Hosting
