• Buy Now
    • Rackspace Cloud
    • Email & Apps
    • Fanatical Support for AWS
    • Managed Google Cloud Platform
    • Office 365
  • Log In
    • MyRackspace Portal
    • Cloud Control Panel
    • Rackspace Webmail Login
    • Cloud Office Control Panel
  • Rackspace Logo
  • Developer Home
  • Developer Documentation
  • Blogs ▼
    • Technical Blog
    • Rackspace Blog
    • Solve: Thought Leadership
  • Support Documentation

Developer Docs


Let’s Build Something Powerful Together!

End-to-End Multicloud Solutions.   Solving Together.™   Learn more at Rackspace.com

Submit an issue
  • Cloud Servers 2.0
  • Getting started
    • Get your credentials
    • Send API requests to Cloud Servers
      • Install CLI client and Cloud Servers Virtual Interface extension
      • Convert cURL examples to run on Windows
    • Authenticate to the Rackspace Cloud
      • Authenticating by using the nova client
      • Authenticating by using cURL
    • Cloud Servers Concepts
      • How Cloud Servers work
    • Create your first server
      • Listing images
      • Listing flavors
      • Booting a new server with your cloud network
      • Getting server details
      • Listing servers
      • Deleting your cloud server
    • Create your first network
      • Creating network
      • Listing flavors
      • Booting a new server with your cloud network
      • Getting network details
      • Deleting your cloud network
    • Attach your network to an existing server
      • Creating a virtual interface
      • Listing virtual interfaces for a server
      • Deleting a virtual interface from a server
  • General API information
    • Service access endpoints
    • Request and response types
    • Links and References
    • Paginated collections
      • JSON Collection
    • Efficient Polling with the Changes-Since Parameter
    • Limits
      • Rate Limits
      • Absolute Limits
    • Quotas
    • Faults
      • Synchronous Faults
      • Asynchronous Faults
      • badRequest
      • itemNotFound
      • overLimit
      • serviceUnavailable
      • unauthorized
    • Date and time format
    • Flavors
      • Virtual Cloud Server Flavors
      • OnMetal Cloud Server Flavors
      • Supported Flavors for Cloud Servers
    • Role-based access control (RBAC)
      • Assigning roles to account users
      • Roles available for Cloud Servers
      • Multiproduct global roles and permissions
      • Resolving conflicts between RBAC multiproduct and product-specific roles
      • RBAC permissions cross-reference to Cloud Servers API operations
  • API extensions
    • Rackspace Extensions
    • Disk Configuration Extension
      • Changes to Get Server/Image Details
      • Changes to Rebuild Server
      • Changes to Resize Server
      • Changes to Create Server
    • Extended Status Extension
      • Task states
    • Rescue Mode Extension
      • Rescue and unrescue server action operations
    • Used Limits Extension
      • Changes to List of rate and absolute limits to include used limits
    • Scheduled Images Extension
      • API operations for scheduling images
    • Flavors Extra Specs Extension
      • Changes to Get flavor details API operation
    • Flavors OS Extra Specs Extension
      • API operations for Flavor OS extra specs extension
    • Server Actions Extension
      • List server actions and show action details operations
    • Config Drive Extension
    • Volumes Extension
      • Volume attachment operations
    • Boot from volume
      • Create volume from image and boot instance
      • Use pre-made bootable volume to boot instance
      • API operations for creating or using bootable volumes
      • Block-device-mapping attribute versus block-device attribute
    • Network extension
      • API operations for networks extension
    • Virtual Interfaces extension
      • API operations for virtual interfaces extension
    • Scheduler Hint Extension
      • Why use scheduler hints?
      • Scheduler hint operations
  • API reference
    • Server operations
      • Create server
      • Create server with disk config
      • Create server with scheduler hints
      • Retrieve list of servers
      • List servers with details
      • Show server details
      • Update server
      • Delete server
      • Create a server key pair
      • Import a server key pair
      • Retrieve list of key pairs
      • Delete key pair
      • Attach volume to server
      • List server volumes
      • Show volume attachment details
      • Delete volume attachment from a server
      • Create bootable volume and server
      • Retrieve list of server actions
      • Retrieve log details for a specified server action
      • Change password for specified server
      • Reset network for server
      • Reboot specified server
      • Rebuild specified server
      • Resize specified server
      • Confirm server resize for specified server
      • Revert server resize for specified server
      • Migrate specified server
      • Create image of specified server
      • Rescue specified server
      • Unrescue specified server
      • Lock specified server
      • Unlock specified server
      • Start specified server
      • Stop specified server
      • Retrieves list of server addresses
      • Retrieve list of network addresses for server and network
      • List server metadata
      • Set server metadata
      • Update server metadata
      • Show server metadata item details
      • Set server metadata item
      • Delete server metadata item
    • Flavor operations
      • Retrieve list of flavors
      • Retrieve list of flavors with details
      • Retrieve flavor details
      • Show flavor with extra specs
      • List extra specs for flavors
      • Get details for specified flavor extra spec
    • Image operations
      • Retrieve list of images
      • Retrieve list of images with details
      • Retrieve image details
      • Delete image
      • Retrieve image metadata for specified image
      • Set image metadata for specified image
      • Retrieve image metadata item for specified image
      • Set image metadata item for specified image
      • Delete image metadata item for specified image
      • Enable scheduled Images
      • Show scheduled Images
      • Disable scheduled Images
    • Networks operations
      • Retrieve list of networks
      • Create network
      • Create server with network
      • Show network
      • Delete network
      • Retrieve list of virtual interfaces
      • Create virtual interface and attach to server
      • Delete virtual interface
    • Miscellaneous server operations
      • Retrieve list of rate and absolute limits
      • Retrieve list of limits including used limits
      • Get console
      • Retrieve quotas
      • Retrieve list of extensions
      • Retrieve details for the specified extension
  • Release Notes
    • API v2.0 updates, September 15, 2016
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, August 15, 2016
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, June 2, 2015
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, October 30, 2014
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, July 24, 2014
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, August 21, 2012
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, August 15, 2012
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, July 9, 2012
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 updates, June 13, 2012
      • What's new
      • Resolved issues
      • Known issues
    • API v2.0 release, May 1, 2012
      • What's new
      • Resolved issues
      • Known issues
  • Service updates
  • Additional resources
  • Disclaimer

Role-based access control (RBAC)#

Role-based access control (RBAC) restricts access to the capabilities of Rackspace Cloud services, including the Cloud Servers API, to authorized users only. RBAC enables Rackspace Cloud customers to specify users have access to which Cloud Servers API service capabilities, based on roles defined by Rackspace. The permissions to perform certain operations in Cloud Servers API (create, read, update, delete) are assigned to specific roles. The account owner user assigns these roles, either global (multiproduct) or product-specific (for example, Cloud Servers), to account users.

Assigning roles to account users#

The account owner (identity:user-admin) can create account users on the account and then assign roles to those users. The roles grant the account users specific permissions for accessing the capabilities of the Cloud Servers service. Each account has only one account owner, and that role is assigned by default to any Rackspace Cloud account when the account is created.

See the Identity API guide for information about how to perform the following tasks:

  • Add account users
  • Add role to user
  • Delete global role from user

Note

The account owner (identity:user-admin) role cannot hold any additional roles because it already has full access to all capabilities.

Roles available for Cloud Servers#

The following table describes the roles that can be used to access the Cloud Servers API.

Product roles and capabilities#
Role name Role permissions
nova:admin This role provides Create, Read, Update, and Delete permissions in Cloud Servers, where access is granted.
lbaas:creator This role provides Create, Read and Update permissions in Cloud Servers, where access is granted.
lbaas:observer This role provides Read permission in Cloud Servers, where access is granted.

Multiproduct global roles and permissions#

Additionally, two multiproduct roles apply to all products. Users with multiproduct roles inherit access to future products when those products become RBAC-enabled. The following list describes these roles and their permissions.

Multiproduct (Global) Roles and Permissions

Multiproduct roles and permissions#
Role name Role permissions
admin This role provides create, read, update, and delete permissions in all products, where access is granted.
observer This role provides read permission in all products, where access is granted.

Resolving conflicts between RBAC multiproduct and product-specific roles#

The account owner can set roles for both multiproduct and Cloud Servers scope, and it is important to understand how any potential conflicts between these roles are resolved. When two roles appear to conflict, the role that provides the more extensive permissions takes precedence. Therefore, admin roles take precedence over observer and creator roles, because admin roles provide more permissions.

The following table shows two examples of how potential conflicts between user roles in the Control Panel are resolved.

Example of resolving permissions#
Permission configuration Control Panel permission view Control Panel admin capabilities
User is assigned the following roles: multiproduct observer and Cloud Servers admin Appears that the user has only the multiproduct observer role User can perform admin functions for Cloud Servers only. The user has the observer role for the rest of the products.
User is assigned to the following roles: multiproduct admin and Cloud Servers observer Appears that the user has only the multiprodcut admin role User can perform admin functions for all of the products. The Cloud Servers observer role is ignored.

RBAC permissions cross-reference to Cloud Servers API operations#

API operations for Cloud Servers may or may not be available to all roles. To see which operations are permitted to invoke which calls, please review the Permissions Matrix for Role-Based Access Control (RBAC).

Previous Flavors
Next API extensions
Developer Network
  • Developer Center
  • API Documentation and User Guides
  • SDKs
  • Rackspace How-To
Blogs
  • Technical Blog
  • Rackspace Blog
  • Solve: Thought Leadership
Other Information
  • Customer Stories
  • Events
  • Programs
  • Careers
  • Style Guide for Technical Content
©2020 Rackspace US, Inc.
  • ©2020 Rackspace US, Inc.
  • About Rackspace
  • Privacy Statement
  • Website Terms
  • Trademarks