Role Based Access Control

Role-based access control (RBAC) restricts access to the capabilities of Rackspace Cloud services, including the Cloud Networks API, to authorized users only. RBAC enables Rackspace Cloud customers to specify which users have access to which Cloud Networks API service capabilities, based on roles defined by Rackspace. The permissions to perform certain operations in the Cloud Networks API (create, read, update, delete) are assigned to specific roles. The account owner assigns these roles, either global (multiproduct) or product-specific (for example, Cloud Networks), to account users.

Assigning roles to account users

The account owner (identity:user-admin) can create account users on the account and then assign roles to those users. The roles grant the account users specific permissions for accessing the capabilities of the Cloud Networks service. Each account has only one account owner, and that role is assigned by default to any Rackspace Cloud account when the account is created.

See the Identity API guide for information about how to perform the following tasks:

  • Add account users
  • Add role to user
  • Delete global role from user

Note

The account owner (identity:user-admin) role cannot hold any additional roles because it already has full access to all capabilities.

Roles available for Cloud Networks

The following table describes the roles that can be used to access the Cloud Networks API.

Product roles and capabilities

| Role name | Role permissions |
| --- | --- |
| cloudNetworks:admin | This role provides Create, Read, Update, and Delete permissions in Cloud Networks, where access is granted. |
| cloudNetworks:creator | This role provides Create, Read and Update permissions in Cloud Networks, where access is granted. |
| cloudNetworks:observer | This role provides Read permission in Cloud Networks, where access is granted. |

Multiproduct global roles and permissions

Additionally, two multiproduct roles apply to all products. Users with multiproduct roles inherit access to products when those products become RBAC-enabled. The following table describes these roles and their permissions.

Multiproduct roles and permissions

| Role name | Role permissions |
| --- | --- |
| admin | This role provides create, read, update, and delete permissions in all products, where access is granted. |
| observer | This role provides read permission in all products, where access is granted. |

Resolving conflicts between RBAC multiproduct and product-specific roles

The account owner can set roles for both multiproduct and Cloud Networks scope, and it is important to understand how any potential conflicts between these roles are resolved. When two roles appear to conflict, the role that provides the more extensive permissions takes precedence. Therefore, admin roles take precedence over observer and creator roles, because admin roles provide more permissions.

The following table shows two examples of how potential conflicts between user roles in the Control Panel are resolved.

Example of resolving permissions

| Permission configuration | Control Panel permission view | Control Panel admin capabilities |
| --- | --- | --- |
| User is assigned the following roles: multiproduct observer and Cloud Networks admin | Appears that the user has only the multiproduct observer role | User can perform admin functions for Cloud Networks only. The user has the observer role for the rest of the products. |
| User is assigned the following roles: multiproduct admin and Cloud Networks observer | Appears that the user has only the multiproduct admin role | User can perform admin functions for all of the products. The Cloud Networks observer role is ignored. |
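
The precedence rule and the two table rows above can be modelled for an access review. This is an added example, not Rackspace code: the role names and their permissions come from the tables on this page, while the function names, the finding strings, and the idea of feeding it a plain list of role names are assumptions.

```python
# Role -> permission sets, taken from the two role tables on this page.
CRUD = frozenset({"create", "read", "update", "delete"})
PRODUCT_ROLES = {
    "cloudNetworks:admin": CRUD,
    "cloudNetworks:creator": frozenset({"create", "read", "update"}),
    "cloudNetworks:observer": frozenset({"read"}),
}
GLOBAL_ROLES = {
    "admin": CRUD,
    "observer": frozenset({"read"}),
}


def effective_permissions(roles):
    """Return (cloud_networks_perms, other_products_perms) for a role list."""
    global_perms = frozenset()
    product_perms = frozenset()
    for role in roles:
        if role in GLOBAL_ROLES:
            global_perms |= GLOBAL_ROLES[role]
        elif role in PRODUCT_ROLES:
            product_perms |= PRODUCT_ROLES[role]
        else:
            raise ValueError(f"unknown role: {role}")
    # The more extensive role wins. These permission sets are nested, so the
    # union is the same as picking the broader of the two roles.
    return global_perms | product_perms, global_perms


def audit(roles):
    """Flag assignments where the role list hides or wastes a product role."""
    networks, others = effective_permissions(roles)
    has_global = any(r in GLOBAL_ROLES for r in roles)
    findings = []
    if has_global and networks > others:
        # Table row 1: only the multiproduct role is visible in the panel,
        # but Cloud Networks access is broader than that role suggests.
        findings.append("product role exceeds multiproduct role")
    for r in roles:
        if has_global and r in PRODUCT_ROLES and PRODUCT_ROLES[r] <= others:
            # Table row 2: the product role adds nothing and is ignored.
            findings.append(f"{r} has no effect")
    return networks, others, findings
```

The first finding is the one to watch in a review: a user who looks like an observer in the Control Panel view can still hold create, update, and delete rights in Cloud Networks.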

RBAC permissions cross-reference to Cloud Networks API operations

Not every Cloud Networks API operation is available to every role. To see which roles are permitted to invoke which operations, review the Permissions Matrix for Role-Based Access Control (RBAC).

©2020 Rackspace US, Inc.