Policy configuration¶
Warning
JSON formatted policy file is deprecated since Manila 12.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
Configuration¶
The following is an overview of all available policies in Manila.
manila¶
system-admin
- Default
role:admin and system_scope:all
- Scope Types
system
System scoped Administrator
system-member
- Default
role:member and system_scope:all
- Scope Types
system
System scoped Member
system-reader
- Default
role:reader and system_scope:all
- Scope Types
system
System scoped Reader
project-admin
- Default
role:admin and project_id:%(project_id)s
- Scope Types
project
Project scoped Administrator
project-member
- Default
role:member and project_id:%(project_id)s
- Scope Types
project
Project scoped Member
project-reader
- Default
role:reader and project_id:%(project_id)s
- Scope Types
project
Project scoped Reader
context_is_admin
- Default
rule:system-admin
- Scope Types
system
Privileged users checked via “context.is_admin”
admin_or_owner
- Default
is_admin:True or project_id:%(project_id)s
Administrator or Member of the project
default
- Default
rule:admin_or_owner
Default rule for most non-Admin APIs
admin_api
- Default
is_admin:True
Default rule for most Admin APIs.
availability_zone:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/os-availability-zone
GET
/availability-zone
- Scope Types
system
project
Get all storage availability zones.
scheduler_stats:pools:index
- Default
rule:system-reader
- Operations
GET
/scheduler-stats/pools
GET
/scheduler-stats/pools?{query}
- Scope Types
system
Get information regarding backends (and storage pools) known to the scheduler.
scheduler_stats:pools:detail
- Default
rule:system-reader
- Operations
GET
/scheduler-stats/pools/detail?{query}
GET
/scheduler-stats/pools/detail
- Scope Types
system
Get detailed information regarding backends (and storage pools) known to the scheduler.
share:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/shares
- Scope Types
system
project
Create share.
share:create_public_share
- Default
rule:system-admin
- Operations
POST
/shares
- Scope Types
system
Create shares visible across all projects in the cloud.
share:get
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/shares/{share_id}
- Scope Types
system
project
Get share.
share:get_all
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/shares
GET
/shares/detail
- Scope Types
system
project
List shares.
share:update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/shares
- Scope Types
system
project
Update share.
share:set_public_share
- Default
rule:system-admin
- Operations
PUT
/shares
- Scope Types
system
Update shares to be visible across all projects in the cloud.
share:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/shares/{share_id}
- Scope Types
system
project
Delete share.
share:force_delete
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
DELETE
/shares/{share_id}
- Scope Types
system
project
Force Delete a share.
share:manage
- Default
rule:system-admin
- Operations
POST
/shares/manage
- Scope Types
system
Manage share.
share:unmanage
- Default
rule:system-admin
- Operations
POST
/shares/unmanage
- Scope Types
system
Unmanage share.
share:list_by_host
- Default
rule:system-reader
- Operations
GET
/shares
GET
/shares/detail
- Scope Types
system
List share by host.
share:list_by_share_server_id
- Default
rule:system-reader
- Operations
GET
/shares
GET
/shares/detail
- Scope Types
system
List share by server id.
share:access_get
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Get share access rule, it under deny access operation.
share:access_get_all
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/shares/{share_id}/action
- Scope Types
system
project
List share access rules.
share:extend
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Extend share.
share:force_extend
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Force extend share.
share:shrink
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Shrink share.
share:migration_start
- Default
rule:system-admin
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Migrate a share to the specified host.
share:migration_complete
- Default
rule:system-admin
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Invokes 2nd phase of share migration.
share:migration_cancel
- Default
rule:system-admin
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Attempts to cancel share migration.
share:migration_get_progress
- Default
rule:system-reader
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Retrieve share migration progress for a given share.
share:reset_task_state
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Reset task state.
share:reset_status
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Reset status.
share:revert_to_snapshot
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Revert a share to a snapshot.
share:allow_access
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Add share access rule.
share:deny_access
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Remove share access rule.
share:update_share_metadata
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/shares/{share_id}/metadata
- Scope Types
system
project
Update share metadata.
share:delete_share_metadata
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/shares/{share_id}/metadata/{key}
- Scope Types
system
project
Delete share metadata.
share:get_share_metadata
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/shares/{share_id}/metadata
- Scope Types
system
project
Get share metadata.
share:create_snapshot
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/snapshots
- Scope Types
system
project
Create share snapshot.
share:delete_snapshot
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/snapshots/{snapshot_id}
- Scope Types
system
project
Delete share snapshot.
share:snapshot_update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Update share snapshot.
share_instance_export_location:index
- Default
rule:system-reader
- Operations
POST
/share_instances/{share_instance_id}/export_locations
- Scope Types
system
Return data about the requested export location.
share_instance_export_location:show
- Default
rule:system-reader
- Operations
GET
/share_instances/{share_instance_id}/export_locations/{export_location_id}
- Scope Types
system
Return data about the requested export location.
share_type:create
- Default
rule:system-admin
- Operations
POST
/types
- Scope Types
system
Create share type.
share_type:update
- Default
rule:system-admin
- Operations
PUT
/types/{share_type_id}
- Scope Types
system
Update share type.
share_type:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/types/{share_type_id}
- Scope Types
system
project
Get share type.
share_type:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/types
GET
/types?is_public=all
- Scope Types
system
project
List share types.
share_type:default
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/types/default
- Scope Types
system
project
Get default share type.
share_type:delete
- Default
rule:system-admin
- Operations
DELETE
/types/{share_type_id}
- Scope Types
system
Delete share type.
share_type:list_project_access
- Default
rule:system-reader
- Operations
GET
/types/{share_type_id}
- Scope Types
system
List share type project access.
share_type:add_project_access
- Default
rule:system-admin
- Operations
POST
/types/{share_type_id}/action
- Scope Types
system
Add share type to project.
share_type:remove_project_access
- Default
rule:system-admin
- Operations
POST
/types/{share_type_id}/action
- Scope Types
system
Remove share type from project.
share_types_extra_spec:create
- Default
rule:system-admin
- Operations
POST
/types/{share_type_id}/extra_specs
- Scope Types
system
Create share type extra spec.
share_types_extra_spec:show
- Default
rule:system-reader
- Operations
GET
/types/{share_type_id}/extra_specs
- Scope Types
system
Get share type extra specs of a given share type.
share_types_extra_spec:index
- Default
rule:system-reader
- Operations
GET
/types/{share_type_id}/extra_specs/{extra_spec_id}
- Scope Types
system
Get details of a share type extra spec.
share_types_extra_spec:update
- Default
rule:system-admin
- Operations
PUT
/types/{share_type_id}/extra_specs
- Scope Types
system
Update share type extra spec.
share_types_extra_spec:delete
- Default
rule:system-admin
- Operations
DELETE
/types/{share_type_id}/extra_specs/{key}
- Scope Types
system
Delete share type extra spec.
share_snapshot:get_snapshot
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/snapshots/{snapshot_id}
- Scope Types
system
project
Get share snapshot.
share_snapshot:get_all_snapshots
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/snapshots
GET
/snapshots/detail
GET
/snapshots?{query}
GET
/snapshots/detail?{query}
- Scope Types
system
project
Get all share snapshots.
share_snapshot:force_delete
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
DELETE
/snapshots/{snapshot_id}
- Scope Types
system
project
Force Delete a share snapshot.
share_snapshot:manage_snapshot
- Default
rule:system-admin
- Operations
POST
/snapshots/manage
- Scope Types
system
Manage share snapshot.
share_snapshot:unmanage_snapshot
- Default
rule:system-admin
- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
Unmanage share snapshot.
share_snapshot:reset_status
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Reset status.
share_snapshot:access_list
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/snapshots/{snapshot_id}/access-list
- Scope Types
system
project
List access rules of a share snapshot.
share_snapshot:allow_access
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Allow access to a share snapshot.
share_snapshot:deny_access
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Deny access to a share snapshot.
share_snapshot_export_location:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/snapshots/{snapshot_id}/export-locations/
- Scope Types
system
project
List export locations of a share snapshot.
share_snapshot_export_location:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/snapshots/{snapshot_id}/export-locations/{export_location_id}
- Scope Types
system
project
Get details of a specified export location of a share snapshot.
share_snapshot_instance:show
- Default
rule:system-reader
- Operations
GET
/snapshot-instances/{snapshot_instance_id}
- Scope Types
system
Get share snapshot instance.
share_snapshot_instance:index
- Default
rule:system-reader
- Operations
GET
/snapshot-instances
GET
/snapshot-instances?{query}
- Scope Types
system
Get all share snapshot instances.
share_snapshot_instance:detail
- Default
rule:system-reader
- Operations
GET
/snapshot-instances/detail
GET
/snapshot-instances/detail?{query}
- Scope Types
system
Get details of share snapshot instances.
share_snapshot_instance:reset_status
- Default
rule:system-admin
- Operations
POST
/snapshot-instances/{snapshot_instance_id}/action
- Scope Types
system
Reset share snapshot instance’s status.
share_snapshot_instance_export_location:index
- Default
rule:system-reader
- Operations
GET
/snapshot-instances/{snapshot_instance_id}/export-locations
- Scope Types
system
List export locations of a share snapshot instance.
share_snapshot_instance_export_location:show
- Default
rule:system-reader
- Operations
GET
/snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}
- Scope Types
system
Show details of a specified export location of a share snapshot instance.
share_server:index
- Default
rule:system-reader
- Operations
GET
/share-servers
GET
/share-servers?{query}
- Scope Types
system
Get share servers.
share_server:show
- Default
rule:system-reader
- Operations
GET
/share-servers/{server_id}
- Scope Types
system
Show share server.
share_server:details
- Default
rule:system-reader
- Operations
GET
/share-servers/{server_id}/details
- Scope Types
system
Get share server details.
share_server:delete
- Default
rule:system-admin
- Operations
DELETE
/share-servers/{server_id}
- Scope Types
system
Delete share server.
share_server:manage_share_server
- Default
rule:system-admin
- Operations
POST
/share-servers/manage
- Scope Types
system
Manage share server.
share_server:unmanage_share_server
- Default
rule:system-admin
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Unmanage share server.
share_server:reset_status
- Default
rule:system-admin
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Reset the status of a share server.
share_server:share_server_migration_start
- Default
rule:system-admin
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Migrates a share server to the specified host.
share_server:share_server_migration_check
- Default
rule:system-reader
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Check if can migrates a share server to the specified host.
share_server:share_server_migration_complete
- Default
rule:system-admin
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Invokes the 2nd phase of share server migration.
share_server:share_server_migration_cancel
- Default
rule:system-admin
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Attempts to cancel share server migration.
share_server:share_server_migration_get_progress
- Default
rule:system-reader
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Retrieves the share server migration progress for a given share server.
share_server:share_server_reset_task_state
- Default
rule:system-admin
- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Resets task state.
service:index
- Default
rule:system-reader
- Operations
GET
/os-services
GET
/os-services?{query}
GET
/services
GET
/services?{query}
- Scope Types
system
Return a list of all running services.
service:update
- Default
rule:system-admin
- Operations
PUT
/os-services/disable
PUT
/os-services/enable
PUT
/services/disable
PUT
/services/enable
- Scope Types
system
Enable/Disable scheduling for a service.
quota_set:update
- Default
rule:system-admin
- Operations
PUT
/quota-sets/{tenant_id}
PUT
/quota-sets/{tenant_id}?user_id={user_id}
PUT
/quota-sets/{tenant_id}?share_type={share_type_id}
PUT
/os-quota-sets/{tenant_id}
PUT
/os-quota-sets/{tenant_id}?user_id={user_id}
- Scope Types
system
Update the quotas for a project/user and/or share type.
quota_set:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/quota-sets/{tenant_id}/defaults
GET
/os-quota-sets/{tenant_id}/defaults
- Scope Types
system
project
List the quotas for a tenant/user.
quota_set:delete
- Default
rule:system-admin
- Operations
DELETE
/quota-sets/{tenant_id}
DELETE
/quota-sets/{tenant_id}?user_id={user_id}
DELETE
/quota-sets/{tenant_id}?share_type={share_type_id}
DELETE
/os-quota-sets/{tenant_id}
DELETE
/os-quota-sets/{tenant_id}?user_id={user_id}
- Scope Types
system
Delete quota for a tenant/user or tenant/share-type. The quota will revert back to default (Admin only).
quota_class_set:update
- Default
rule:system-admin
- Operations
PUT
/quota-class-sets/{class_name}
PUT
/os-quota-class-sets/{class_name}
- Scope Types
system
Update quota class.
quota_class_set:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/quota-class-sets/{class_name}
GET
/os-quota-class-sets/{class_name}
- Scope Types
system
project
Get quota class.
share_group_types_spec:create
- Default
rule:system-admin
- Operations
POST
/share-group-types/{share_group_type_id}/group-specs
- Scope Types
system
Create share group type specs.
share_group_types_spec:index
- Default
rule:system-reader
- Operations
GET
/share-group-types/{share_group_type_id}/group-specs
- Scope Types
system
Get share group type specs.
share_group_types_spec:show
- Default
rule:system-reader
- Operations
GET
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types
system
Get details of a share group type spec.
share_group_types_spec:update
- Default
rule:system-admin
- Operations
PUT
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types
system
Update a share group type spec.
share_group_types_spec:delete
- Default
rule:system-admin
- Operations
DELETE
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types
system
Delete a share group type spec.
share_group_type:create
- Default
rule:system-admin
- Operations
POST
/share-group-types
- Scope Types
system
Create a new share group type.
share_group_type:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-group-types
GET
/share-group-types?is_public=all
- Scope Types
system
project
Get the list of share group types.
share_group_type:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-group-types/{share_group_type_id}
- Scope Types
system
project
Get details regarding the specified share group type.
share_group_type:default
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-group-types/default
- Scope Types
system
project
Get the default share group type.
share_group_type:delete
- Default
rule:system-admin
- Operations
DELETE
/share-group-types/{share_group_type_id}
- Scope Types
system
Delete an existing group type.
share_group_type:list_project_access
- Default
rule:system-reader
- Operations
GET
/share-group-types/{share_group_type_id}/access
- Scope Types
system
Get project access by share group type.
share_group_type:add_project_access
- Default
rule:system-admin
- Operations
POST
/share-group-types/{share_group_type_id}/action
- Scope Types
system
Allow project to use the share group type.
share_group_type:remove_project_access
- Default
rule:system-admin
- Operations
POST
/share-group-types/{share_group_type_id}/action
- Scope Types
system
Deny project access to use the share group type.
share_group_snapshot:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-group-snapshots
- Scope Types
system
project
Create a new share group snapshot.
share_group_snapshot:get
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types
system
project
Get details of a share group snapshot.
share_group_snapshot:get_all
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-group-snapshots
GET
/share-group-snapshots/detail
GET
/share-group-snapshots/{query}
GET
/share-group-snapshots/detail?{query}
- Scope Types
system
project
Get all share group snapshots.
share_group_snapshot:update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types
system
project
Update a share group snapshot.
share_group_snapshot:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types
system
project
Delete a share group snapshot.
share_group_snapshot:force_delete
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-group-snapshots/{share_group_snapshot_id}/action
- Scope Types
system
project
Force delete a share group snapshot.
share_group_snapshot:reset_status
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-group-snapshots/{share_group_snapshot_id}/action
- Scope Types
system
project
Reset a share group snapshot’s status.
share_group:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-groups
- Scope Types
system
project
Create share group.
share_group:get
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-groups/{share_group_id}
- Scope Types
system
project
Get details of a share group.
share_group:get_all
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-groups
GET
/share-groups/detail
GET
/share-groups?{query}
GET
/share-groups/detail?{query}
- Scope Types
system
project
Get all share groups.
share_group:update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/share-groups/{share_group_id}
- Scope Types
system
project
Update share group.
share_group:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/share-groups/{share_group_id}
- Scope Types
system
project
Delete share group.
share_group:force_delete
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-groups/{share_group_id}/action
- Scope Types
system
project
Force delete a share group.
share_group:reset_status
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-groups/{share_group_id}/action
- Scope Types
system
project
Reset share group’s status.
share_replica:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-replicas
- Scope Types
system
project
Create share replica.
share_replica:get_all
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-replicas
GET
/share-replicas/detail
GET
/share-replicas/detail?share_id={share_id}
- Scope Types
system
project
Get all share replicas.
share_replica:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-replicas/{share_replica_id}
- Scope Types
system
project
Get details of a share replica.
share_replica:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/share-replicas/{share_replica_id}
- Scope Types
system
project
Delete a share replica.
share_replica:force_delete
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Force delete a share replica.
share_replica:promote
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Promote a non-active share replica to active.
share_replica:resync
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Resync a share replica that is out of sync.
share_replica:reset_replica_state
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Reset share replica’s replica_state attribute.
share_replica:reset_status
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Reset share replica’s status.
share_replica_export_location:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-replicas/{share_replica_id}/export-locations
- Scope Types
system
project
Get all export locations of a given share replica.
share_replica_export_location:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-replicas/{share_replica_id}/export-locations/{export_location_id}
- Scope Types
system
project
Get details about the requested share replica export location.
share_network:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks
- Scope Types
system
project
Create share network.
share_network:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-networks/{share_network_id}
- Scope Types
system
project
Get details of a share network.
share_network:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-networks
GET
/share-networks?{query}
- Scope Types
system
project
Get all share networks.
share_network:detail
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-networks/detail?{query}
GET
/share-networks/detail
- Scope Types
system
project
Get details of share networks .
share_network:update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/share-networks/{share_network_id}
- Scope Types
system
project
Update a share network.
share_network:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/share-networks/{share_network_id}
- Scope Types
system
project
Delete a share network.
share_network:add_security_service
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Add security service to share network.
share_network:add_security_service_check
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Check the feasibility of add security service to a share network.
share_network:remove_security_service
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Remove security service from share network.
share_network:update_security_service
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Update security service from share network.
share_network:update_security_service_check
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Check the feasibility of update a security service from share network.
share_network:reset_status
- Default
(rule:system-admin) or (rule:project-admin)
- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Reset share network`s status.
share_network:get_all_share_networks
- Default
rule:system-reader
- Operations
GET
/share-networks?all_tenants=1
GET
/share-networks/detail?all_tenants=1
- Scope Types
system
Get share networks belonging to all projects.
share_network_subnet:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/share-networks/{share_network_id}/subnets
- Scope Types
system
project
Create a new share network subnet.
share_network_subnet:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}
- Scope Types
system
project
Delete a share network subnet.
share_network_subnet:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}
- Scope Types
system
project
Shows a share network subnet.
share_network_subnet:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-networks/{share_network_id}/subnets
- Scope Types
system
project
Get all share network subnets.
security_service:create
- Default
(rule:system-admin) or (rule:project-member)
- Operations
POST
/security-services
- Scope Types
system
project
Create security service.
security_service:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/security-services/{security_service_id}
- Scope Types
system
project
Get details of a security service.
security_service:detail
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/security-services/detail?{query}
GET
/security-services/detail
- Scope Types
system
project
Get details of all security services.
security_service:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/security-services
GET
/security-services?{query}
- Scope Types
system
project
Get all security services.
security_service:update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/security-services/{security_service_id}
- Scope Types
system
project
Update a security service.
security_service:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/security-services/{security_service_id}
- Scope Types
system
project
Delete a security service.
security_service:get_all_security_services
- Default
rule:system-reader
- Operations
GET
/security-services?all_tenants=1
GET
/security-services/detail?all_tenants=1
- Scope Types
system
Get security services of all projects.
share_export_location:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/shares/{share_id}/export_locations
- Scope Types
system
project
Get all export locations of a given share.
share_export_location:show
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/shares/{share_id}/export_locations/{export_location_id}
- Scope Types
system
project
Get details about the requested export location.
share_instance:index
- Default
rule:system-reader
- Operations
GET
/share_instances
GET
/share_instances?{query}
- Scope Types
system
Get all share instances.
share_instance:show
- Default
rule:system-reader
- Operations
GET
/share_instances/{share_instance_id}
- Scope Types
system
Get details of a share instance.
share_instance:force_delete
- Default
rule:system-admin
- Operations
POST
/share_instances/{share_instance_id}/action
- Scope Types
system
Force delete a share instance.
share_instance:reset_status
- Default
rule:system-admin
- Operations
POST
/share_instances/{share_instance_id}/action
- Scope Types
system
Reset share instance’s status.
message:get
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/messages/{message_id}
- Scope Types
system
project
Get details of a given message.
message:get_all
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/messages
GET
/messages?{query}
- Scope Types
system
project
Get all messages.
message:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/messages/{message_id}
- Scope Types
system
project
Delete a message.
share_access_rule:get
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-access-rules/{share_access_id}
- Scope Types
system
project
Get details of a share access rule.
share_access_rule:index
- Default
(rule:system-reader) or (rule:project-reader)
- Operations
GET
/share-access-rules?share_id={share_id}&key1=value1&key2=value2
- Scope Types
system
project
List access rules of a given share.
share_access_metadata:update
- Default
(rule:system-admin) or (rule:project-member)
- Operations
PUT
/share-access-rules/{share_access_id}/metadata
- Scope Types
system
project
Set metadata for a share access rule.
share_access_metadata:delete
- Default
(rule:system-admin) or (rule:project-member)
- Operations
DELETE
/share-access-rules/{share_access_id}/metadata/{key}
- Scope Types
system
project
Delete metadata for a share access rule.