# Role Based Privileges Refer to the table below for a detailed breakdown of each task that can be done by a self-service user and an administrator. | Task | Role | | | ------------------------------------------------------- | ----------------- | -------------------------------------------- | | | **Administrator** | **Self-service User** | | **Infrastructure Management** | | | | Add Host | `Accessible` | `Not Accessible` | | Configure Host | `Accessible` | `Not Accessible` | | Deauthorize Host | `Accessible` | `Not Accessible` | | Create Host Aggregate | `Accessible` | `Not Accessible` | | Delete Host Aggregate | `Accessible` | `Not Accessible` | | **User Management** | | | | Create user | `Accessible` | `Not Accessible` | | Edit user | `Accessible` | `Not Accessible` | | Delete user | `Accessible` | `Not Accessible` | | Edit Quota | `Accessible` | `Not Accessible` | | Manage multi-factor authentication | `Accessible` | `Not Accessible` | | **Tenant Management** | | | | Create Tenant | `Accessible` | `Not Accessible` | | Edit Tenant | `Accessible` | `Not Accessible` | | Delete Tenant | `Accessible` | `Not Accessible` | | **Network Management** | | | | Create provider network | `Accessible` | `Not Accessible` | | Edit provider network | `Accessible` | `Not Accessible` | | Delete provider network | `Accessible` | `Not Accessible` | | Create external network | `Accessible` | `Not Accessible` | | Edit external network | `Accessible` | `Not Accessible` | | Delete external network | `Accessible` | `Not Accessible` | | Create tenant network | `Accessible` | `Accessible` | | Edit tenant network | `Accessible` | `Accessible` | | Delete tenant network | `Accessible` | `Accessible` | | Create router | `Accessible` | `Accessible` | | Edit router | `Accessible` | `Accessible` | | Delete router | `Accessible` | `Accessible` | | Create security group | `Accessible` | `Accessible` | | Edit security group | `Accessible` | `Accessible` | | Delete security group | `Accessible` | `Accessible` | | Assign floating IP address | `Accessible` | `Accessible` | | Remove floating IP address | `Accessible` | `Accessible` | | Delete floating IP address | `Accessible` | `Accessible` | | Configure networking | `Accessible` | `Accessible` | | **Block Storage Management** | | | | Create volume | `Accessible` | `Accessible` | | Edit volume | `Accessible` | `Accessible` | | Attach volume | `Accessible` | `Accessible` | | Detach volume | `Accessible` | `Accessible` | | Take volume snapshot | `Accessible` | `Accessible` | | Edit volume snapshot | `Accessible` | `Accessible` | | Delete volume snapshot | `Accessible` | `Accessible` | | Upload volume as image | `Accessible` | `Accessible` | | Delete volume | `Accessible` | `Accessible` | | Create volume type | `Accessible` | `Not Accessible` | | **Image Management** | | | | Add image | `Accessible` | `Not Accessible` | | Edit image | `Accessible` | Partial. Can edit name and description only. | | Delete image | `Accessible` | `Not Accessible` | | Add bulk metadata to image | `Accessible` | `Accessible` | | Remove bulk metadata from image | `Accessible` | `Accessible` | | **Instance Management** | | | | Create instance | `Accessible` | `Accessible` | | Edit instance | `Accessible` | `Accessible` | | Delete instance | `Accessible` | `Accessible` | | Take snapshot of instance | `Accessible` | `Accessible` | | Start instance | `Accessible` | `Accessible` | | Stop instance | `Accessible` | `Accessible` | | Suspend instance | `Accessible` | `Accessible` | | Resume instance | `Accessible` | `Accessible` | | Reboot instance | `Accessible` | `Accessible` | | Rename instance | `Accessible` | `Accessible` | | Add metadata for instance | `Accessible` | `Accessible` | | Edit metadata for instance | `Accessible` | `Accessible` | | Delete metadata for instance | `Accessible` | `Accessible` | | Assign floating IP to instance | `Accessible` | `Accessible` | | Remove floating IP assigned to instance | `Accessible` | `Accessible` | | Add fixed IP to instance | `Accessible` | `Accessible` | | Remove fixed IP assigned to instance | `Accessible` | `Accessible` | | **Security Management** | | | | Import SSH key-pair | `Accessible` | `Accessible` | | Delete SSH key-pair | `Accessible` | `Accessible` | | View environment variables for access through API calls | `Accessible` | `Accessible` | | **Application Management** | | | | Create application | `Accessible` | `Accessible` | | Deploy application | `Accessible` | `Accessible` | | Edit application | `Accessible` | `Accessible` | | Delete application | `Accessible` | `Accessible` | | Download application package | `Accessible` | `Accessible` | | View application details | `Accessible` | `Accessible` | | Import pre-built application to application catalog | `Accessible` | `Accessible` | | Create environment | `Accessible` | `Accessible` | | Add application to environment | `Accessible` | `Accessible` | | Delete environment | `Accessible` | `Accessible` | | **Orchestration** | | | | Launch stack | `Accessible` | `Accessible` | | Delete stack | `Accessible` | `Not Accessible` |