Permissions Matrix for Cloud Networks


The following permissions matrix displays specific permissions for the roles in Cloud Networks. The matrix displays the method names, their corresponding RESTful API commands, and the roles that are supported.  


As of October 30, 2014

The following permissions matrix displays specific permissions for roles using the Neutron API. 

| Method Name | API Action | Observer | Creator | Admin | Description |
|---|---|---|---|---|---|
| NETWORKS | | | | | |
| List Networks | GET /networks | ✓ | ✓ | ✓ | Lists networks to which the specified tenant has access. |
| List Details for a Network | GET /networks/{network-id} | ✓ | ✓ | ✓ | Shows information for a specified network ID. |
| Create a Network | POST /networks | | ✓ | ✓ | Creates a network. |
| Update a Specified Network | PUT /networks/{network-id} | | | ✓ | Updates editable attributes for a specified network. |
| Delete a Specified Network | DELETE /networks/{network-id} | | | ✓ | Deletes the specified network and its associated resources. |
| SUBNETS | | | | | |
| List Subnets | GET /subnets | ✓ | ✓ | ✓ | Lists subnets to which the specified tenant has access. |
| List Details for a Subnet | GET /subnets/{subnet-id} | ✓ | ✓ | ✓ | Shows information for a specified subnet. |
| Create a Subnet | POST /subnets | | ✓ | ✓ | Creates a subnet on a specified network. |
| Update a Specified Subnet | PUT /subnets/{subnet-id} | | | ✓ | Updates editable attributes for a specified subnet. |
| Delete a Subnet | DELETE /subnets/{subnet-id} | | | ✓ | Deletes a specified subnet. |
| PORTS | | | | | |
| List Ports | GET /ports | ✓ | ✓ | ✓ | Lists ports to which the tenant has access. |
| List Details for a Port | GET /ports/{port-id} | ✓ | ✓ | ✓ | Shows information for a specified port. |
| Create a Port | POST /ports | | ✓ | ✓ | Creates a port on a specified network. |
| Update Editable Attribute of a Port | PUT /ports/{port-id} | | | ✓ | Updates editable attributes for a specified port. |
| Delete Specified Port | DELETE /ports/{port-id} | | | ✓ | Deletes a specified port. |
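
The Neutron matrix can be encoded as a deny-by-default policy and replayed against an access log to find calls that succeeded outside the matrix and users who hold more privilege than their traffic needs. This is an added example, not Rackspace code; the function names, the log format ("user role METHOD path status") and the sample lines are constructed for illustration.

```python
import re

ROLES = ["observer", "creator", "admin"]  # least to most privileged
# Collection (/ports) or single resource (/ports/{id}); anything else is unknown.
PATH = re.compile(r"^/(networks|subnets|ports)(/[^/?]+)?/?(\?.*)?$")

# (HTTP method, targets a single resource?) -> least role the matrix allows.
REQUIRED = {
    ("GET", False): "observer",
    ("GET", True): "observer",
    ("POST", False): "creator",
    ("PUT", True): "admin",
    ("DELETE", True): "admin",
}

def min_role(method, path):
    """Least role the matrix grants this call, or None if it is not listed."""
    m = PATH.match(path)
    return REQUIRED.get((method.upper(), m.group(2) is not None)) if m else None

def is_allowed(role, method, path):
    need = min_role(method, path)  # unlisted calls and unknown roles are denied
    return need is not None and role in ROLES and ROLES.index(role) >= ROLES.index(need)

def audit(lines):
    """Return (violations, overprivileged) for 'user role METHOD path status' lines."""
    violations, held, needed = [], {}, {}
    for line in lines:
        user, role, method, path, status = line.split()
        if not status.startswith("2"):
            continue  # denied or failed calls changed nothing
        if not is_allowed(role, method, path):
            violations.append((user, role, method, path))
        need = min_role(method, path)
        if need and role in ROLES:
            held[user] = role
            needed[user] = max(needed.get(user, need), need, key=ROLES.index)
    over = {u: (held[u], needed[u]) for u in needed
            if ROLES.index(held[u]) > ROLES.index(needed[u])}
    return violations, over

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    "alice admin DELETE /networks/net-1 204",
    "bob creator POST /subnets 201",
    "bob creator PUT /ports/port-9 200",   # succeeded, but PUT is Admin-only
    "carol admin GET /networks 200",       # admin role, observer-level use
    "dave observer POST /networks 403",    # correctly denied
]
```

A non-empty violations list means the deployed policy is looser than the published matrix; the overprivileged map lists candidates for a lower role.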

 

The following permissions matrix displays specific permissions for the roles using the nova-network API. 

| Method Name | API Action | Observer | Creator | Admin | Description |
|---|---|---|---|---|---|
| Networks | | | | | |
| List Networks | GET /os-networksv2 | ✓ | ✓ | ✓ | Lists the networks configured for a specified tenant ID. |
| Create Network | POST /os-networksv2 | | ✓ | ✓ | Creates a network for the specified tenant ID. |
| Provision Server and Attach Networks | POST /servers | | ✓ | ✓ | Provisions a new server and attaches networks. |
| Show Network | GET /os-networkv2/id | ✓ | ✓ | ✓ | Shows information for a specified network ID. |
| Delete Network | DELETE/GET/os-networkv2/id | | | ✓ | Deletes the specified network. |
| Virtual Interfaces | | | | | |
| List Virtual Interfaces | GET /servers/instance_id/os-virtual-interfacesv2 | ✓ | ✓ | ✓ | Lists the virtual interfaces configured for a server instance. |
| Create Virtual Interface | POST /servers/instance_id/os-virtual-interfacesv2 | | ✓ | ✓ | Creates a virtual interface for a network and attaches the network to a server instance. |
| Delete Virtual Interface | DELETE /servers/instances_id/os-virtual-interfacesv2/interface_id | | | ✓ | Deletes a virtual interface from a server instance. |

 

Cloud Networks Terminology

Network

A sequence of connection points that communicate with each other.

Server

A virtual machine (VM) instance in the Cloud Servers environment. To create a server, you must specify a name, flavor reference, and image reference.

Virtual Interface

An extension to the networking API that is specifically used for attaching and detaching networks.

 





© 2014 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

