Permissions Matrix for Cloud Orchestration

The following permissions matrix displays specific permissions for the roles in Cloud Orchestration. The matrix displays the method names, their corresponding RESTful API commands, and the roles that are supported.  

API Documentation

Related Knowledge Center Articles

Cloud Orchestration Terminology

As of May, 2015     

Method Name API Action Observer Creator Admin  


Note: Orchestration users will need access to any products used in their templates.

Create Stack POST /stacks   Creates a stack.
List Stack Data  GET /stacks

Lists active stacks.

Find Stack  GET /stacks/{stack_name}

Finds the canonical URL for a specified stack.

Get Stack Data GET /stacks/{stack_name}/{stack_id}

Gets data about a specified stack.

Update Stack  PUT /stacks/{stack_name}/{stack_id}  

Updates a specified stack.

Delete Stack  DELETE /stacks/{stack_name}/{stack_id}    

Deletes a specified stack.

Abandon Stack

DELETE /stacks/{stack_name}/{stack_id}/abandon  


Deletes a given stack (from orchestration system database) but leaves the stack resources intact.

Adopt Stack

POST /stacks 


This operation is similar to the Create Stack operation. Along with stack create parameters, an additional body parameter 'adopt_stack_data' must be provided (adopt_stack_data type is String). Data returned by Abandon Stack could be provided as adopt_stack_data.

Preview Stack

POST /stacks/preview


Previews a stack.


Find Stack Resources  GET /stacks/{stack_name}/resources

Finds the canonical URL for the resource list of a specified stack.

List Resources  GET /stacks/{stack_name}/{stack_id}/resources 

Lists resources in a stack.

Get Resource Data

GET /stacks/{stack_name}/{stack_id}/resources/{resource_name}

Gets data for a specified resource.

List Resource Types GET /resource_types

Lists the supported template resource types.

Get Resource Schema

GET /resource_types/{type_name}

Gets the interface schema for a specified resource type.

Get Resource Template 

GET /resource_types/{type_name}/template


Gets a template representation for a specified resource type.


Find Stack Events 

GET /stacks/{stack_name}/events

Finds the canonical URL for the event list of a specified stack.

List Stack Events 

GET /stacks/{stack_name}/{stack_id}/events

Lists events for a specified stack.

List Resource Events 

GET /stacks/{stack_name}/{stack_id}/resources/{resource_name}/events

Lists events for a specified stack resource.

Show Event 

GET /stacks/{stack_name}/{stack_id}/resources/events/{event_id}

Gets data about a specified event.


Get Stack Template  GET /stacks/{stack_name}/{stack_id}/template 

Gets a template for a specified stack.


Get Build Info

GET /build_info


Gets information about the current heat build.


Cloud Orchestration Terminology


A Cloud Orchestration template is a portable file, written in a user-readable language, that describes how a set of resources should be assembled and what software should be installed in order to produce a working deployment. The template specifies what resources should be used, what attributes can be set, and other parameters that are critical to the successful, repeatable automation of a specific application deployment.


A resource is a template artifact that represents some component of your desired architecture (a Nova server, a group of scaled servers, a Cinder volume, some configuration management system, and so forth).


A stack is a group of resources (servers, load balancers, databases, and so forth) combined to fulfill a useful purpose. Based on a template, Heat orchestration engine creates an instantiated set of resources (a stack) to run the application framework or component specified (in the template). A stack is a running instance of a template. The result of creating a stack is a deployment of the application framework or component.

< Permission Matrices for RBAC


© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER