The Cloud Orchestration permissions matrix displays specific permissions for the following role-based access control (RBAC) roles:

  • Admin provides full access to create, read, update, and delete.

  • Creator provides limited access to create, read, and update.

  • Observer provides read-only access.

The matrix displays the Cloud Orchestration methods grouped by category, their corresponding RESTful API commands, and the RBAC roles that are supported.

Stack operations#

Note: Orchestration users need access to any products used in their templates.

Method

API action

Role

Description

Create stack

POST /v1/{tenant_id}/stacks

Creator, Admin

Creates a stack.

Adopt stack

POST /v1/{tenant_id}/stacks

Creator, Admin

Creates a stack from existing resources.

List stack data

GET /v1/{tenant_id}/stacks

Observer, Creator, Admin

Lists active stacks.

Find stack

GET /v1/{tenant_id}/stacks/{stack_name}

Observer, Creator, Admin

Finds the canonical URL for a specified stack. This URL works with operations other than GET, so you can perform PUT and DELETE operations on a stack.

Show stack details

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}

Observer, Creator, Admin

Shows details for a specified stack.

Update stack

PUT /v1/{tenant_id}/stacks/{stack_name}/{stack_id}

Creator, Admin

Updates a specified stack.

Delete stack

DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}

Admin

Deletes a specified stack and any snapshots of that stack.

Preview stack

POST /v1/{tenant_id}/stacks/preview

Creator, Admin

Previews a stack.

Abandon stack

DELETE /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/abandon

Admin

Deletes a specified stack but leaves its resources intact, and returns data describing the stack and its resources.

Stack resources#

Method

API action

Role

Description

Find stack resources

GET /v1/{tenant_id}/stacks/{stack_name}/resources

Observer, Creator, Admin

Finds the canonical URL for the resource list of a specified stack.

List resources

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources

Observer, Creator, Admin

Lists the resources in a stack.

Show resource data

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}

Observer, Creator, Admin

Shows the data for a specified resource.

List resource types

GET /v1/{tenant_id}/resource_types

Observer, Creator, Admin

Lists the supported template resource types.

Show resource schema

GET /v1/{tenant_id}/resource_types/{type_name}

Observer, Creator, Admin

Shows the interface schema for a specified resource type.

Show resource template

GET /v1/{tenant_id}/resource_types/{type_name}/template

Observer, Creator, Admin

Shows the template representation for a specified resource type.

Stack events#

Method

API action

Role

Description

Find stack events

GET /v1/{tenant_id}/stacks/{stack_name}/events

Observer, Creator, Admin

Finds the canonical URL for the event list of a specified stack.

List stack events

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/events

Observer, Creator, Admin

Lists events for a specified stack.

List resource events

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events

Observer, Creator, Admin

Lists events for a specified stack resource.

Show event details

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/resources/{resource_name}/events/{event_id}

Observer, Creator, Admin

Shows data about a specified event.

Templates#

Method

API action

Role

Description

Get stack template

GET /v1/{tenant_id}/stacks/{stack_name}/{stack_id}/template

Observer, Creator, Admin

Gets a template for a specified stack.

Validate template

POST /v1/{tenant_id}/validate

Creator, Admin

Validates a specified template.

Build information#

Method

API action

Role

Description

Show build information

GET /v1/{tenant_id}/build_info

Observer, Creator, Admin

Shows build information for an Orchestration deployment.

Related article#

Role-based Access Control (RBAC) permissions matrix for Cloud Hosting