Policies and Roles

Policies

Policies

policies:get
Ability to get a policy
policies:list
Ability to list policies

Roles

roles:global:create
Ability to create a global role
roles:project:create
Ability to create a project role
roles:global:get
Ability to get a global role
roles:project:get
Ability to get a project role
roles:global:list
Ability to list global roles
roles:project:list
Ability to list project roles
roles:global:update
Ability to update a global role
roles:project:update
Ability to update a project role
roles:global:delete
Ability to delete a global role
roles:project:delete
Ability to delete a project role

Flavors

flavors:create
Ability to create a flavor
flavors:get
Ability to get a flavor
flavors:list
Ability to list flavors
flavors:delete
Ability to delete a flavor

Regions

regions:create
Ability to create a region
regions:get
Ability to get a region
regions:list
Ability to list regions
regions:delete
Ability to delete a region
regions:action:schedule
Ability to change the schedule mode of the region

Zones

zones:create
Ability to create a zone
zones:get
Ability to get a zone
zones:list
Ability to list zones
zones:delete
Ability to delete a zone
zones:action:schedule
Ability to change the schedule mode of the zone

Projects

projects:create
Ability to create a project
projects:get
Ability to get a project
projects:get:all
Ability to get all projects
projects:list
Ability to list projects
projects:list:all
Ability to list all projects
projects:delete
Ability to delete a project
projects:scope
Ability to scope to a project
projects:scope:all
Ability to scope to all projects
projects:members:add
Ability to add a member to a project
projects:members:get
Ability to get a member in a project
projects:members:list
Ability to list members in a project
projects:members:modify
Ability to modify a project member’s roles
projects:members:remove
Ability to remove a member from a project
projects:quota:get
Ability to get a project’s quota
projects:quota:modify
Ability to modify a project’s quota

Volumes

volumes:create
Ability to create a volume
volumes:get
Ability to get a volume
volumes:list
Ability to list volumes
volumes:delete
Ability to delete a volume
volumes:action:attach
Ability to attach a volume to an instance
volumes:action:detach
Ability to detach a volume from an instance
volumes:action:grow
Ability to grow a volume
volumes:action:clone
Ability to clone a volume

Images

images:create
Ability to create an image
images:get
Ability to get an image
images:list
Ability to list images
images:delete
Ability to delete an image
images:action:visibility
Ability to change an image’s visibility
images:action:visibility:public
Ability to change an image’s visibility to public
images:action:lock
Ability to lock an image
images:action:unlock
Ability to unlock an image
images:members:add
Ability to add a member to an image
images:members:list
Ability to list an image’s members
images:members:delete
Ability to delete a member from an image

Instances

instances:create
Ability to create an instance
instances:get
Ability to get an instance
instances:list
Ability to list instances
instances:delete
Ability to delete an instance
instances:action:stop
Ability to stop an instance
instances:action:start
Ability to start an instance
instances:action:restart
Ability to restart an instance
instances:action:image
Ability to create an image from an instance

Networks

networks:create
Ability to create a network
networks:get
Ability to get a network
networks:list
Ability to list networks
networks:delete
Ability to delete a network

Service Accounts

service_accounts:create
Ability to create a service account
service_accounts:get
Ability to get a service account
service_accounts:list
Ability to list service accounts
service_accounts:update
Ability to update a service account
service_accounts:delete
Ability to delete a service account

Keypairs

keypairs:create
Ability to create a keypair
keypairs:get
Ability to get a keypair
keypairs:list
Ability to list keypairs
keypairs:delete
Ability to delete a keypair

Network Ports

network_ports:get
Ability to get a network port
network_ports:list
Ability to list network ports
network_ports:delete
Ability to delete a network port

Database Users

database:users:create

database:users:get

database:users:list

database:users:delete

database:users:password

database:users:roles:update

Roles

Global Roles

Admin Role

The administrative role for Sandwich Cloud. This role has access to all API endpoints.

Project Roles

Project roles can only have policies that apply to project-based resources.

Default Member

This is the default role for all project members. This role has access to all scoped API endpoints.

Default Service Account

This is the default service account role for all project service accounts. This role has access to read-only scoped API endpoints.