Role Based Privileges

Refer to the table below for a detailed breakdown of each task that can be done by a self-service user and an administrator.

TaskRole
AdministratorSelf-service User
Infrastructure Management
Add Host Accessible Not Accessible
Configure Host Accessible Not Accessible
Deauthorize Host Accessible Not Accessible
Create Host Aggregate Accessible Not Accessible
Delete Host Aggregate Accessible Not Accessible
User Management
Create user Accessible Not Accessible
Edit user Accessible Not Accessible
Delete user Accessible Not Accessible
Edit Quota Accessible Not Accessible
Manage multi-factor authentication Accessible Not Accessible
Tenant Management
Create tenant Accessible Not Accessible
Edit tenant Accessible Not Accessible
Delete tenant Accessible Not Accessible
Network Management
Create provider network Accessible Not Accessible
Edit provider network Accessible Not Accessible
Delete provider network Accessible Not Accessible
Create external network Accessible Not Accessible
Edit external network Accessible Not Accessible
Delete external network Accessible Not Accessible
Create tenant network Accessible Accessible
Edit tenant network Accessible Accessible
Delete tenant network Accessible Accessible
Create router Accessible Accessible
Edit router Accessible Accessible
Delete router Accessible Accessible
Create security group Accessible Accessible
Edit security group Accessible Accessible
Delete security group Accessible Accessible
Assign floating IP address Accessible Accessible
Remote floating IP address Accessible Accessible
Delete floating IP address Accessible Accessible
Configure networking Accessible Accessible
Block Storage Management
Create volume Accessible Accessible
Edit volume Accessible Accessible
Attach volume Accessible Accessible
Detach volume Accessible Accessible
Take volume snapshot Accessible Accessible
Edit volume snapshot Accessible Accessible
Delete volume snapshot Accessible Accessible
Upload volume as image Accessible Accessible
Delete volume Accessible Accessible
Create volume type Accessible Not Accessible
Image Management
Add image Accessible Not Accessible
Edit image Accessible Partial. Can edit name and description only.
Delete image Accessible Not Accessible
Add bulk metadata to image Accessible Accessible
Remove bulk metadata to image Accessible Accessible
Instance Management
Create instance Accessible Accessible
Edit instance Accessible Accessible
Delete instance Accessible Accessible
Take snapshot of instance Accessible Accessible
Start instance Accessible Accessible
Stop instance Accessible Accessible
Suspend instance Accessible Accessible
Resume instance Accessible Accessible
Reboot instance Accessible Accessible
Rename instance Accessible Accessible
Add metadata for instance Accessible Accessible
Edit metadata for instance Accessible Accessible
Delete metadata for instance Accessible Accessible
Assign floating IP to instance Accessible Accessible
Remove floating IP assigned to instance Accessible Accessible
Add fixed IP to instance Accessible Accessible
Remove fixed IP assigned to instance Accessible Accessible
Security Management
Import SSH key-pair Accessible Accessible
Delete SSH key-pair Accessible Accessible
View environment variables for access through API calls Accessible Accessible
Application Management
Create application Accessible Accessible
Deploy application Accessible Accessible
Edit applications Accessible Accessible
Delete application Accessible Accessible
Download application package Accessible Accessible
View application details Accessible Accessible
Import pre-built application to application catalog Accessible Accessible
Create environment Accessible Accessible
Add application to environment Accessible Accessible
Delete environment Accessible Accessible
Orchestration
Launch stack Accessible Accessible
Delete stack Accessible Not Accessible