Policies and Roles¶
Policies¶
Policies¶
policies:get
- Ability to get a policy
policies:list
- Ability to list policies
Roles¶
roles:global:create
- Ability to create a global role
roles:project:create
- Ability to create a project role
roles:global:get
- Ability to get a global role
roles:project:get
- Ability to get a project role
roles:global:list
- Ability to list global roles
roles:project:list
- Ability to list project roles
roles:global:update
- Ability to update a global role
roles:project:update
- Ability to update a project role
roles:global:delete
- Ability to delete a global role
roles:project:create
- Ability to delete a project role
Flavors¶
flavors:create
- Ability to create a flavor
flavors:get
- Ability to get a flavor
flavors:list
- Ability to list flavors
flavors:delete
- Ability to delete a flavor
Regions¶
regions:create
- Ability to create a region
regions:get
- Ability to get a region
regions:list
- Ability to list regions
regions:delete
- Ability to delete a region
regions:action:schedule
- Ability to change the schedule mode of the region
Zones¶
zones:create
- Ability to create a zone
zones:get
- Ability to get a zone
zones:list
- Ability to list zones
zones:delete
- Ability to delete a zone
zones:action:schedule
- Ability to change the schedule mode of the zone
Projects¶
projects:create
- Ability to create a project
projects:get
- Ability to get a project
projects:get:all
- Ability to get all projects
projects:list
- Ability to list projects
projects:list:all
- Ability to list all projects
projects:delete
- Ability to delete a project
projects:scope
- Ability to scope to a project
projects:scope:all
- Ability to scope to all projects
projects:members:add
- Ability to add a member to a project
projects:members:get
- Ability to get a member in a project
projects:members:list
- Ability to list members in a project
projects:members:modify
- Ability to modify a project member’s roles
projects:members:remove
- Ability to remove a member from a project
projects:quota:get
- Ability to get a project’s quota
projects:quota:modify
- Ability to modify a project’s quota
Volumes¶
volumes:create
- Ability to create a volume
volumes:get
- Ability to get a volume
volumes:list
- Ability to list volumes
volumes:delete
- Ability to delete a volume
volumes:action:attach
- Ability to attach a volume to an instance
volumes:action:detach
- Ability to detach a volume from an instance
volumes:action:grow
- Ability to grow a volume
volumes:action:clone
- Ability to clone a volume
Images¶
images:create
- Ability to create an image
images:get
- Ability to get an image
images:list
- Ability to list images
images:delete
- Ability to delete an image
images:action:visibility
- Ability to change an image’s visibility
images:action:visibility:public
- Ability to change an image’s visibility to public
images:action:lock
- Ability to lock an image
images:action:unlock
- Ability to unlock an image
images:members:add
- Ability to add a member to an image
images:members:list
- Ability to list an image’s members
images:members:delete
- Ability to delete a member from an image
Instances¶
instances:create
- Ability to create an instance
instances:get
- Ability to get an instance
instances:list
- Ability to list instances
instances:delete
- Ability to delete an instance
instances:action:stop
- Ability to stop an instance
instances:action:start
- Ability to start an instance
instances:action:restart
- Ability to restart an instance
instances:action:image
- Ability to create an image from an instance
Networks¶
networks:create
- Ability to create a network
networks:get
- Ability to get a network
networks:list
- Ability to list networks
networks:delete
- Ability to delete a network
Service Accounts¶
service_accounts:create
- Ability to create a service account
service_accounts:get
- Ability to get a service account
service_accounts:list
- Ability to list service accounts
service_accounts:update
- Ability to update a service account
service_accounts:delete
- Ability to delete a service account
Keypairs¶
keypairs:create
- Ability to create a keypair
keypairs:get
- Ability to get a keypair
keypairs:list
- Ability to list keypairs
keypairs:delete
- Ability to delete a keypair
Network Ports¶
network_ports:get
- Ability to get a network port
network_ports:list
- Ability to list network ports
network_ports:delete
- Ability to delete a network port
Database Users¶
database:users:create
database:users:get
database:users:list
database:users:delete
database:users:password
database:users:roles:update
Roles¶
Global Roles¶
Admin Role¶
The administrative role for Sandwich Cloud. This role has access to all API endpoints.
Project Roles¶
Project roles can only have policies that are for project based resources.
Default Member¶
This is the default role for all project members. This role has access to all scoped API endpoints.
Default Service Account¶
This is the default service account role for all project service accounts. This role has access to read-only scoped API endpoints.