Policy configuration¶
Warning
JSON formatted policy file is deprecated since Manila 12.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
Configuration¶
The following is an overview of all available policies in Manila.
manila¶
project-admin
- Default:
role:admin and project_id:%(project_id)s
- Scope Types:
project
Project scoped Administrator
project-member
- Default:
role:member and project_id:%(project_id)s
- Scope Types:
project
Project scoped Member
project-reader
- Default:
role:reader and project_id:%(project_id)s
- Scope Types:
project
Project scoped Reader
owner-user
- Default:
user_id:%(user_id)s and project_id:%(project_id)s
- Scope Types:
project
Project scoped user that owns a user specific resource
admin_or_service_api
- Default:
role:admin or role:service
- Scope Types:
project
A service user or an administrator user.
context_is_admin
- Default:
role:admin
- Scope Types:
project
Privileged users checked via “context.is_admin”
context_is_host_admin
- Default:
role:admin and project_id:%(project_id)s
- Scope Types:
project
Privileged user who can select host during scheduling
admin_or_owner
- Default:
is_admin:True or project_id:%(project_id)s
Administrator or Member of the project
admin_or_owner_user
- Default:
is_admin:True or project_id:%(project_id)s and user_id:%(user_id)s
Administrator or owner user of a resource
default
- Default:
rule:admin_or_owner
Default rule for most non-Admin APIs
admin_api
- Default:
is_admin:True
Default rule for most Admin APIs.
availability_zone:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/os-availability-zone
GET
/availability-zone
- Scope Types:
project
Get all storage availability zones.
scheduler_stats:pools:index
- Default:
rule:context_is_admin
- Operations:
GET
/scheduler-stats/pools?{query}
- Scope Types:
project
Get information regarding backends (and storage pools) known to the scheduler.
scheduler_stats:pools:detail
- Default:
rule:context_is_admin
- Operations:
GET
/scheduler-stats/pools/detail?{query}
- Scope Types:
project
Get detailed information regarding backends (and storage pools) known to the scheduler.
share:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares
- Scope Types:
project
Create share.
share:create_public_share
- Default:
rule:context_is_admin
- Operations:
POST
/shares
- Scope Types:
project
Create shares visible across all projects in the cloud.
share:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares/{share_id}
- Scope Types:
project
Get share.
share:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares?{query}
GET
/shares/detail?{query}
- Scope Types:
project
List shares.
share:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/shares/{share_id}
- Scope Types:
project
Update a share.
share:set_public_share
- Default:
rule:context_is_admin
- Operations:
PUT
/shares/{share_id}
- Scope Types:
project
Update a share to be visible across all projects in the cloud.
share:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/shares/{share_id}
- Scope Types:
project
Delete share.
share:soft_delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Soft Delete a share.
share:restore
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Restore a share.
share:force_delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/shares/{share_id}
- Scope Types:
project
Force Delete a share.
share:manage
- Default:
rule:context_is_admin
- Operations:
POST
/shares/manage
- Scope Types:
project
Manage share.
share:unmanage
- Default:
rule:context_is_admin
- Operations:
POST
/shares/unmanage
- Scope Types:
project
Unmanage share.
share:list_by_host
- Default:
rule:context_is_admin
- Operations:
GET
/shares?host={host}
GET
/shares/detail?host={host}
- Scope Types:
project
List share by host.
share:list_by_share_server_id
- Default:
rule:context_is_admin
- Operations:
GET
/shares?share_server_id={share_server_id}
GET
/shares/detail?share_server_id={share_server_id}
- Scope Types:
project
List share by server id.
share:access_get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Get share access rule (deprecated in API version 2.45).
share:access_get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares/{share_id}/action
- Scope Types:
project
List share access rules (deprecated in API version 2.45).
share:extend
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Extend share.
share:force_extend
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Force extend share.
share:extend_beyond_max_share_size_spec
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Extend share beyond max share size.
share:shrink
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Shrink share.
share:migration_start
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Migrate a share to the specified host.
share:migration_complete
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Invoke 2nd phase of share migration.
share:migration_cancel
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Attempt to cancel share migration.
share:migration_get_progress
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Retrieve share migration progress for a given share.
share:reset_task_state
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Reset task state.
share:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Reset status.
share:revert_to_snapshot
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Revert a share to a snapshot.
share:allow_access
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Add share access rule.
share:deny_access
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/shares/{share_id}/action
- Scope Types:
project
Remove share access rule.
share:update_share_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/shares/{share_id}/metadata
POST
/shares/{share_id}/metadata/{key}
POST
/shares/{share_id}/metadata
- Scope Types:
project
Update share metadata.
share:delete_share_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/shares/{share_id}/metadata/{key}
- Scope Types:
project
Delete share metadata.
share:get_share_metadata
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares/{share_id}/metadata
GET
/shares/{share_id}/metadata/{key}
- Scope Types:
project
Get share metadata.
share:list_shares_in_deferred_deletion_states
- Default:
rule:context_is_admin
- Operations:
GET
/v2/shares
GET
/shares/{share_id}
- Scope Types:
project
List (or get) shares whose deletion has been deferred
share:list_all_projects
- Default:
rule:context_is_admin
- Operations:
GET
/shares?all_tenants=1
GET
/shares/detail?all_tenants=1
- Scope Types:
project
List share by all projects.
share:create_snapshot
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/snapshots
- Scope Types:
project
Create share snapshot.
share:delete_snapshot
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/snapshots/{snapshot_id}
- Scope Types:
project
Delete share snapshot.
share:snapshot_update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/snapshots/{snapshot_id}/action
- Scope Types:
project
Update share snapshot.
share:update_admin_only_metadata
- Default:
rule:context_is_admin
- Operations:
PUT
/shares/{share_id}/metadata
- Scope Types:
project
Update metadata items that are considered “admin only” by the service.
share_instance_export_location:index
- Default:
rule:context_is_admin
- Operations:
POST
/share_instances/{share_instance_id}/export_locations
- Scope Types:
project
Return data about the requested export location.
share_instance_export_location:show
- Default:
rule:context_is_admin
- Operations:
GET
/share_instances/{share_instance_id}/export_locations/{export_location_id}
- Scope Types:
project
Return data about the requested export location.
share_type:create
- Default:
rule:context_is_admin
- Operations:
POST
/types
- Scope Types:
project
Create share type.
share_type:update
- Default:
rule:context_is_admin
- Operations:
PUT
/types/{share_type_id}
- Scope Types:
project
Update share type.
share_type:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/types/{share_type_id}
- Scope Types:
project
Get share type.
share_type:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/types?is_public=all
- Scope Types:
project
List share types.
share_type:default
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/types/default
- Scope Types:
project
Get default share type.
share_type:delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/types/{share_type_id}
- Scope Types:
project
Delete share type.
share_type:list_project_access
- Default:
rule:context_is_admin
- Operations:
GET
/types/{share_type_id}
- Scope Types:
project
List share type project access.
share_type:add_project_access
- Default:
rule:context_is_admin
- Operations:
POST
/types/{share_type_id}/action
- Scope Types:
project
Add share type to project.
share_type:remove_project_access
- Default:
rule:context_is_admin
- Operations:
POST
/types/{share_type_id}/action
- Scope Types:
project
Remove share type from project.
share_types_extra_spec:create
- Default:
rule:context_is_admin
- Operations:
POST
/types/{share_type_id}/extra_specs
- Scope Types:
project
Create share type extra spec.
share_types_extra_spec:show
- Default:
rule:context_is_admin
- Operations:
GET
/types/{share_type_id}/extra_specs
- Scope Types:
project
Get share type extra specs of a given share type.
share_types_extra_spec:index
- Default:
rule:context_is_admin
- Operations:
GET
/types/{share_type_id}/extra_specs/{extra_spec_id}
- Scope Types:
project
Get details of a share type extra spec.
share_types_extra_spec:update
- Default:
rule:context_is_admin
- Operations:
PUT
/types/{share_type_id}/extra_specs
- Scope Types:
project
Update share type extra spec.
share_types_extra_spec:delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/types/{share_type_id}/extra_specs/{key}
- Scope Types:
project
Delete share type extra spec.
share_snapshot:get_snapshot
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/snapshots/{snapshot_id}
- Scope Types:
project
Get share snapshot.
share_snapshot:get_all_snapshots
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/snapshots?{query}
GET
/snapshots/detail?{query}
- Scope Types:
project
Get all share snapshots.
share_snapshot:list_all_projects
- Default:
rule:context_is_admin
- Operations:
GET
/snapshots?all_tenants=1
GET
/snapshots/detail?all_tenants=1
- Scope Types:
project
List share snapshots by all projects.
share_snapshot:force_delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/snapshots/{snapshot_id}
- Scope Types:
project
Force Delete a share snapshot.
share_snapshot:manage_snapshot
- Default:
rule:context_is_admin
- Operations:
POST
/snapshots/manage
- Scope Types:
project
Manage share snapshot.
share_snapshot:unmanage_snapshot
- Default:
rule:context_is_admin
- Operations:
POST
/snapshots/{snapshot_id}/action
- Scope Types:
project
Unmanage share snapshot.
share_snapshot:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/snapshots/{snapshot_id}/action
- Scope Types:
project
Reset status.
share_snapshot:access_list
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/snapshots/{snapshot_id}/access-list
- Scope Types:
project
List access rules of a share snapshot.
share_snapshot:allow_access
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/snapshots/{snapshot_id}/action
- Scope Types:
project
Allow access to a share snapshot.
share_snapshot:deny_access
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/snapshots/{snapshot_id}/action
- Scope Types:
project
Deny access to a share snapshot.
share_snapshot:update_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/snapshots/{snapshot_id}/metadata
POST
/snapshots/{snapshot_id}/metadata/{key}
POST
/snapshots/{snapshot_id}/metadata
- Scope Types:
project
Update snapshot metadata.
share_snapshot:delete_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/snapshots/{snapshot_id}/metadata/{key}
- Scope Types:
project
Delete snapshot metadata.
share_snapshot:get_metadata
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/snapshots/{snapshot_id}/metadata
GET
/snapshots/{snapshot_id}/metadata/{key}
- Scope Types:
project
Get snapshot metadata.
share_snapshot:list_snapshots_in_deferred_deletion_states
- Default:
rule:context_is_admin
- Operations:
GET
/v2/snapshots
GET
/snapshots/{snapshot_id}
- Scope Types:
project
List (or get) snapshots whose deletion has been deferred
share_snapshot_export_location:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/snapshots/{snapshot_id}/export-locations/
- Scope Types:
project
List export locations of a share snapshot.
share_snapshot_export_location:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/snapshots/{snapshot_id}/export-locations/{export_location_id}
- Scope Types:
project
Get details of a specified export location of a share snapshot.
share_snapshot_instance:show
- Default:
rule:context_is_admin
- Operations:
GET
/snapshot-instances/{snapshot_instance_id}
- Scope Types:
project
Get share snapshot instance.
share_snapshot_instance:index
- Default:
rule:context_is_admin
- Operations:
GET
/snapshot-instances?{query}
- Scope Types:
project
Get all share snapshot instances.
share_snapshot_instance:detail
- Default:
rule:context_is_admin
- Operations:
GET
/snapshot-instances/detail?{query}
- Scope Types:
project
Get details of share snapshot instances.
share_snapshot_instance:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/snapshot-instances/{snapshot_instance_id}/action
- Scope Types:
project
Reset share snapshot instance’s status.
share_snapshot_instance_export_location:index
- Default:
rule:context_is_admin
- Operations:
GET
/snapshot-instances/{snapshot_instance_id}/export-locations
- Scope Types:
project
List export locations of a share snapshot instance.
share_snapshot_instance_export_location:show
- Default:
rule:context_is_admin
- Operations:
GET
/snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}
- Scope Types:
project
Show details of a specified export location of a share snapshot instance.
share_server:index
- Default:
rule:context_is_admin
- Operations:
GET
/share-servers?{query}
- Scope Types:
project
Get share servers.
share_server:show
- Default:
rule:context_is_admin
- Operations:
GET
/share-servers/{server_id}
- Scope Types:
project
Show share server.
share_server:details
- Default:
rule:context_is_admin
- Operations:
GET
/share-servers/{server_id}/details
- Scope Types:
project
Get share server details.
share_server:delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/share-servers/{server_id}
- Scope Types:
project
Delete share server.
share_server:manage_share_server
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/manage
- Scope Types:
project
Manage share server.
share_server:unmanage_share_server
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Unmanage share server.
share_server:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Reset the status of a share server.
share_server:share_server_migration_start
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Migrates a share server to the specified host.
share_server:share_server_migration_check
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Check if can migrates a share server to the specified host.
share_server:share_server_migration_complete
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Invokes the 2nd phase of share server migration.
share_server:share_server_migration_cancel
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Attempts to cancel share server migration.
share_server:share_server_migration_get_progress
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Retrieves the share server migration progress for a given share server.
share_server:share_server_reset_task_state
- Default:
rule:context_is_admin
- Operations:
POST
/share-servers/{share_server_id}/action
- Scope Types:
project
Resets task state.
service:index
- Default:
rule:context_is_admin
- Operations:
GET
/os-services?{query}
GET
/services?{query}
- Scope Types:
project
Return a list of all running services.
service:update
- Default:
rule:context_is_admin
- Operations:
PUT
/os-services/disable
PUT
/os-services/enable
PUT
/services/disable
PUT
/services/enable
- Scope Types:
project
Enable/Disable scheduling for a service.
service:ensure_shares
- Default:
rule:context_is_admin
- Operations:
POST
/services/ensure
- Scope Types:
project
Run ensure shares for a manila-share binary.
quota_set:update
- Default:
rule:context_is_admin
- Operations:
PUT
/quota-sets/{project_id}
PUT
/quota-sets/{project_id}?user_id={user_id}
PUT
/quota-sets/{project_id}?share_type={share_type_id}
PUT
/os-quota-sets/{project_id}
PUT
/os-quota-sets/{project_id}?user_id={user_id}
- Scope Types:
project
Update the quotas for a project/user and/or share type.
quota_set:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/quota-sets/{project_id}/defaults
GET
/os-quota-sets/{project_id}/defaults
- Scope Types:
project
List the quotas for a project/user.
quota_set:delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/quota-sets/{project_id}
DELETE
/quota-sets/{project_id}?user_id={user_id}
DELETE
/quota-sets/{project_id}?share_type={share_type_id}
DELETE
/os-quota-sets/{project_id}
DELETE
/os-quota-sets/{project_id}?user_id={user_id}
- Scope Types:
project
Delete quota for a project/user or project/share-type. The quota will revert back to default (Admin only).
quota_class_set:update
- Default:
rule:context_is_admin
- Operations:
PUT
/quota-class-sets/{class_name}
PUT
/os-quota-class-sets/{class_name}
- Scope Types:
project
Update quota class.
quota_class_set:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/quota-class-sets/{class_name}
GET
/os-quota-class-sets/{class_name}
- Scope Types:
project
Get quota class.
resource_lock:get
- Default:
(rule:admin_or_service_api) or (rule:project-reader)
- Operations:
GET
/resource-locks/{lock_id}
- Scope Types:
project
Get details of a given resource lock.
resource_lock:get_all
- Default:
(rule:admin_or_service_api) or (rule:project-reader)
- Operations:
GET
/resource-locks
GET
/resource-locks?{query}
- Scope Types:
project
Get all resource locks.
resource_lock:get_all_projects
- Default:
rule:admin_or_service_api
- Operations:
GET
/resource-locks?all_projects=1
GET
/resource-locks?all_projects=1&project_id={project_id}
- Scope Types:
project
Get resource locks from all project namespaces.
resource_lock:create
- Default:
(rule:admin_or_service_api) or (rule:project-member)
- Operations:
POST
/resource-locks
- Scope Types:
project
Create a resource lock.
resource_lock:update
- Default:
(rule:owner-user or rule:admin_or_service_api)
- Operations:
PUT
/resource-locks/{lock_id}
- Scope Types:
project
Update a resource lock.
resource_lock:delete
- Default:
(rule:owner-user or rule:admin_or_service_api)
- Operations:
DELETE
/resource-locks/{lock_id}
- Scope Types:
project
Delete a resource lock.
resource_lock:bypass_locked_show_action
- Default:
(rule:owner-user or rule:admin_or_service_api)
- Operations:
GET
/share-access-rules/{share_access_id}
GET
/share-access-rules?share_id={share_id}&key1=value1&key2=value2
- Scope Types:
project
Bypass a visibility lock placed in a resource.
share_group_types_spec:create
- Default:
rule:context_is_admin
- Operations:
POST
/share-group-types/{share_group_type_id}/group-specs
- Scope Types:
project
Create share group type specs.
share_group_types_spec:index
- Default:
rule:context_is_admin
- Operations:
GET
/share-group-types/{share_group_type_id}/group-specs
- Scope Types:
project
Get share group type specs.
share_group_types_spec:show
- Default:
rule:context_is_admin
- Operations:
GET
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types:
project
Get details of a share group type spec.
share_group_types_spec:update
- Default:
rule:context_is_admin
- Operations:
PUT
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types:
project
Update a share group type spec.
share_group_types_spec:delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types:
project
Delete a share group type spec.
share_group_type:create
- Default:
rule:context_is_admin
- Operations:
POST
/share-group-types
- Scope Types:
project
Create a new share group type.
share_group_type:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-group-types?is_public=all
- Scope Types:
project
Get the list of share group types.
share_group_type:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-group-types/{share_group_type_id}
- Scope Types:
project
Get details regarding the specified share group type.
share_group_type:default
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-group-types/default
- Scope Types:
project
Get the default share group type.
share_group_type:delete
- Default:
rule:context_is_admin
- Operations:
DELETE
/share-group-types/{share_group_type_id}
- Scope Types:
project
Delete an existing group type.
share_group_type:list_project_access
- Default:
rule:context_is_admin
- Operations:
GET
/share-group-types/{share_group_type_id}/access
- Scope Types:
project
Get project access by share group type.
share_group_type:add_project_access
- Default:
rule:context_is_admin
- Operations:
POST
/share-group-types/{share_group_type_id}/action
- Scope Types:
project
Allow project to use the share group type.
share_group_type:remove_project_access
- Default:
rule:context_is_admin
- Operations:
POST
/share-group-types/{share_group_type_id}/action
- Scope Types:
project
Deny project access to use the share group type.
share_group_snapshot:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-group-snapshots
- Scope Types:
project
Create a new share group snapshot.
share_group_snapshot:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types:
project
Get details of a share group snapshot.
share_group_snapshot:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-group-snapshots?{query}
GET
/share-group-snapshots/detail?{query}
- Scope Types:
project
Get all share group snapshots.
share_group_snapshot:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types:
project
Update a share group snapshot.
share_group_snapshot:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types:
project
Delete a share group snapshot.
share_group_snapshot:force_delete
- Default:
rule:context_is_admin
- Operations:
POST
/share-group-snapshots/{share_group_snapshot_id}/action
- Scope Types:
project
Force delete a share group snapshot.
share_group_snapshot:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share-group-snapshots/{share_group_snapshot_id}/action
- Scope Types:
project
Reset a share group snapshot’s status.
share_group:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-groups
- Scope Types:
project
Create share group.
share_group:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-groups/{share_group_id}
- Scope Types:
project
Get details of a share group.
share_group:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-groups?{query}
GET
/share-groups/detail?{query}
- Scope Types:
project
Get all share groups.
share_group:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/share-groups/{share_group_id}
- Scope Types:
project
Update share group.
share_group:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-groups/{share_group_id}
- Scope Types:
project
Delete share group.
share_group:force_delete
- Default:
rule:context_is_admin
- Operations:
POST
/share-groups/{share_group_id}/action
- Scope Types:
project
Force delete a share group.
share_group:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share-groups/{share_group_id}/action
- Scope Types:
project
Reset share group’s status.
share_replica:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-replicas
- Scope Types:
project
Create share replica.
share_replica:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-replicas
GET
/share-replicas/detail
GET
/share-replicas/detail?share_id={share_id}
- Scope Types:
project
Get all share replicas.
share_replica:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-replicas/{share_replica_id}
- Scope Types:
project
Get details of a share replica.
share_replica:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-replicas/{share_replica_id}
- Scope Types:
project
Delete a share replica.
share_replica:force_delete
- Default:
rule:context_is_admin
- Operations:
POST
/share-replicas/{share_replica_id}/action
- Scope Types:
project
Force delete a share replica.
share_replica:promote
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-replicas/{share_replica_id}/action
- Scope Types:
project
Promote a non-active share replica to active.
share_replica:resync
- Default:
rule:context_is_admin
- Operations:
POST
/share-replicas/{share_replica_id}/action
- Scope Types:
project
Resync a share replica that is out of sync.
share_replica:reset_replica_state
- Default:
rule:context_is_admin
- Operations:
POST
/share-replicas/{share_replica_id}/action
- Scope Types:
project
Reset share replica’s replica_state attribute.
share_replica:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share-replicas/{share_replica_id}/action
- Scope Types:
project
Reset share replica’s status.
share_replica_export_location:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-replicas/{share_replica_id}/export-locations
- Scope Types:
project
Get all export locations of a given share replica.
share_replica_export_location:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-replicas/{share_replica_id}/export-locations/{export_location_id}
- Scope Types:
project
Get details about the requested share replica export location.
share_network:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks
- Scope Types:
project
Create share network.
share_network:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-networks/{share_network_id}
- Scope Types:
project
Get details of a share network.
share_network:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-networks?{query}
- Scope Types:
project
Get all share networks under a project.
share_network:detail
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-networks/detail?{query}
- Scope Types:
project
Get details of share networks under a project.
share_network:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/share-networks/{share_network_id}
- Scope Types:
project
Update a share network.
share_network:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-networks/{share_network_id}
- Scope Types:
project
Delete a share network.
share_network:add_security_service
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Add security service to share network.
share_network:add_security_service_check
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Check the feasibility of add security service to a share network.
share_network:remove_security_service
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Remove security service from share network.
share_network:update_security_service
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Update security service from share network.
share_network:update_security_service_check
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Check the feasibility of update a security service from share network.
share_network:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Reset share network`s status.
share_network:get_all_share_networks
- Default:
rule:context_is_admin
- Operations:
GET
/share-networks?all_tenants=1
GET
/share-networks/detail?all_tenants=1
- Scope Types:
project
Get share networks belonging to all projects.
share_network:subnet_create_check
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/action
- Scope Types:
project
Check the feasibility of create a new share network subnet for share network.
share_network_subnet:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-networks/{share_network_id}/subnets
- Scope Types:
project
Create a new share network subnet.
share_network_subnet:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}
- Scope Types:
project
Delete a share network subnet.
share_network_subnet:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}
- Scope Types:
project
Shows a share network subnet.
share_network_subnet:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-networks/{share_network_id}/subnets
- Scope Types:
project
Get all share network subnets.
share_network_subnet:update_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata
POST
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata/{key}
POST
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata
- Scope Types:
system
project
Update share network subnet metadata.
share_network_subnet:delete_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata/{key}
- Scope Types:
system
project
Delete share network subnet metadata.
share_network_subnet:get_metadata
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata
GET
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}/metadata/{key}
- Scope Types:
system
project
Get share network subnet metadata.
security_service:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/security-services
- Scope Types:
project
Create security service.
security_service:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/security-services/{security_service_id}
- Scope Types:
project
Get details of a security service.
security_service:detail
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/security-services/detail?{query}
- Scope Types:
project
Get details of all security services.
security_service:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/security-services?{query}
- Scope Types:
project
Get all security services under a project.
security_service:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/security-services/{security_service_id}
- Scope Types:
project
Update a security service.
security_service:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/security-services/{security_service_id}
- Scope Types:
project
Delete a security service.
security_service:get_all_security_services
- Default:
rule:context_is_admin
- Operations:
GET
/security-services?all_tenants=1
GET
/security-services/detail?all_tenants=1
- Scope Types:
project
Get security services of all projects.
share_export_location:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares/{share_id}/export_locations
- Scope Types:
project
Get all export locations of a given share.
share_export_location:show
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares/{share_id}/export_locations/{export_location_id}
- Scope Types:
project
Get details about the requested export location.
share_export_location:update_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/shares/{share_id}/export_locations/{export_location_id}/metadata
POST
/shares/{share_id}/export_locations/{export_location_id}/metadata/{key}
POST
/shares/{share_id}/export_locations/{export_location_id}/metadata
- Scope Types:
project
Update share export location metadata.
share_export_location:delete_metadata
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/shares/{share_id}/export_locations/{export_location_id}/metadata/{key}
- Scope Types:
project
Delete share export location metadata
share_export_location:get_metadata
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/shares/{share_id}/export_locations/{export_location_id}/metadata
GET
/shares/{share_id}/export_locations/{export_location_id}/metadata/{key}
- Scope Types:
project
Get share export location metadata
share_export_location:update_admin_only_metadata
- Default:
rule:context_is_admin
- Operations:
PUT
/shares/{share_id}/export_locations/{export_location_id}/metadata
- Scope Types:
project
Update metadata items that are considered “admin only” by the service.
share_instance:index
- Default:
rule:context_is_admin
- Operations:
GET
/share_instances
GET
/share_instances?{query}
- Scope Types:
project
Get all share instances.
share_instance:show
- Default:
rule:context_is_admin
- Operations:
GET
/share_instances/{share_instance_id}
- Scope Types:
project
Get details of a share instance.
share_instance:force_delete
- Default:
rule:context_is_admin
- Operations:
POST
/share_instances/{share_instance_id}/action
- Scope Types:
project
Force delete a share instance.
share_instance:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share_instances/{share_instance_id}/action
- Scope Types:
project
Reset share instance’s status.
message:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/messages/{message_id}
- Scope Types:
project
Get details of a given message.
message:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/messages
GET
/messages?{query}
- Scope Types:
project
Get all messages.
message:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/messages/{message_id}
- Scope Types:
project
Delete a message.
share_access_rule:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-access-rules/{share_access_id}
- Scope Types:
project
Get details of a share access rule.
share_access_rule:index
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-access-rules?share_id={share_id}&key1=value1&key2=value2
- Scope Types:
project
List access rules of a given share.
share_access_metadata:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/share-access-rules/{share_access_id}/metadata
- Scope Types:
project
Set metadata for a share access rule.
share_access_metadata:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-access-rules/{share_access_id}/metadata/{key}
- Scope Types:
project
Delete metadata for a share access rule.
share_transfer:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-transfers
GET
/share-transfers/detail
List share transfers.
share_transfer:get_all_tenant
- Default:
rule:context_is_admin
- Operations:
GET
/share-transfers
GET
/share-transfers/detail
- Scope Types:
project
List share transfers with all tenants.
share_transfer:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-transfers
Create a share transfer.
share_transfer:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-transfers/{transfer_id}
Show one specified share transfer.
share_transfer:accept
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-transfers/{transfer_id}/accept
Accept a share transfer.
share_transfer:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-transfers/{transfer_id}
Delete share transfer.
share_backup:create
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-backups
- Scope Types:
project
Create share backup.
share_backup:get
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-backups/{backup_id}
- Scope Types:
project
Get share backup.
share_backup:get_all
- Default:
(rule:context_is_admin) or (rule:project-reader)
- Operations:
GET
/share-backups
GET
/share-backups/detail
GET
/share-backups/detail?share_id=(share_id}
- Scope Types:
project
Get all share backups.
share_backup:get_all_project
- Default:
rule:context_is_admin
- Operations:
GET
/share-backups?all_tenants=1
GET
/share-backups/detail?all_tenants=1
- Scope Types:
project
Get share backups of all projects.
share_backup:restore
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
POST
/share-backups/{backup_id}/action
- Scope Types:
project
Restore a share backup.
share_backup:reset_status
- Default:
rule:context_is_admin
- Operations:
POST
/share-backups/{backup_id}/action
- Scope Types:
project
Reset status.
share_backup:update
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
PUT
/share-backups/{backup_id}
- Scope Types:
project
Update a share backup.
share_backup:delete
- Default:
(rule:context_is_admin) or (rule:project-member)
- Operations:
DELETE
/share-backups/{backup_id}
- Scope Types:
project
Force Delete a share backup.