Policy configuration¶
Warning
JSON formatted policy file is deprecated since Manila 12.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.
Configuration¶
The following is an overview of all available policies in Manila.
manila¶
system-admin- Default
role:admin and system_scope:all- Scope Types
system
System scoped Administrator
system-member- Default
role:member and system_scope:all- Scope Types
system
System scoped Member
system-reader- Default
role:reader and system_scope:all- Scope Types
system
System scoped Reader
project-admin- Default
role:admin and project_id:%(project_id)s- Scope Types
project
Project scoped Administrator
project-member- Default
role:member and project_id:%(project_id)s- Scope Types
project
Project scoped Member
project-reader- Default
role:reader and project_id:%(project_id)s- Scope Types
project
Project scoped Reader
context_is_admin- Default
rule:system-admin- Scope Types
system
Privileged users checked via “context.is_admin”
admin_or_owner- Default
is_admin:True or project_id:%(project_id)s
Administrator or Member of the project
default- Default
rule:admin_or_owner
Default rule for most non-Admin APIs
admin_api- Default
is_admin:True
Default rule for most Admin APIs.
availability_zone:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/os-availability-zoneGET
/availability-zone
- Scope Types
system
project
Get all storage availability zones.
scheduler_stats:pools:index- Default
rule:system-reader- Operations
GET
/scheduler-stats/poolsGET
/scheduler-stats/pools?{query}
- Scope Types
system
Get information regarding backends (and storage pools) known to the scheduler.
scheduler_stats:pools:detail- Default
rule:system-reader- Operations
GET
/scheduler-stats/pools/detail?{query}GET
/scheduler-stats/pools/detail
- Scope Types
system
Get detailed information regarding backends (and storage pools) known to the scheduler.
share:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/shares
- Scope Types
system
project
Create share.
share:create_public_share- Default
rule:system-admin- Operations
POST
/shares
- Scope Types
system
Create shares visible across all projects in the cloud.
share:get- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/shares/{share_id}
- Scope Types
system
project
Get share.
share:get_all- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/sharesGET
/shares/detail
- Scope Types
system
project
List shares.
share:update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/shares
- Scope Types
system
project
Update share.
share:set_public_share- Default
rule:system-admin- Operations
PUT
/shares
- Scope Types
system
Update shares to be visible across all projects in the cloud.
share:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/shares/{share_id}
- Scope Types
system
project
Delete share.
share:force_delete- Default
(rule:system-admin) or (rule:project-admin)- Operations
DELETE
/shares/{share_id}
- Scope Types
system
project
Force Delete a share.
share:manage- Default
rule:system-admin- Operations
POST
/shares/manage
- Scope Types
system
Manage share.
share:unmanage- Default
rule:system-admin- Operations
POST
/shares/unmanage
- Scope Types
system
Unmanage share.
share:list_by_host- Default
rule:system-reader- Operations
GET
/sharesGET
/shares/detail
- Scope Types
system
List share by host.
share:list_by_share_server_id- Default
rule:system-reader- Operations
GET
/sharesGET
/shares/detail
- Scope Types
system
List share by server id.
share:access_get- Default
(rule:system-reader) or (rule:project-reader)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Get share access rule, it under deny access operation.
share:access_get_all- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/shares/{share_id}/action
- Scope Types
system
project
List share access rules.
share:extend- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Extend share.
share:force_extend- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Force extend share.
share:shrink- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Shrink share.
share:migration_start- Default
rule:system-admin- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Migrate a share to the specified host.
share:migration_complete- Default
rule:system-admin- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Invokes 2nd phase of share migration.
share:migration_cancel- Default
rule:system-admin- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Attempts to cancel share migration.
share:migration_get_progress- Default
rule:system-reader- Operations
POST
/shares/{share_id}/action
- Scope Types
system
Retrieve share migration progress for a given share.
share:reset_task_state- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Reset task state.
share:reset_status- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Reset status.
share:revert_to_snapshot- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Revert a share to a snapshot.
share:allow_access- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Add share access rule.
share:deny_access- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/shares/{share_id}/action
- Scope Types
system
project
Remove share access rule.
share:update_share_metadata- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/shares/{share_id}/metadata
- Scope Types
system
project
Update share metadata.
share:delete_share_metadata- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/shares/{share_id}/metadata/{key}
- Scope Types
system
project
Delete share metadata.
share:get_share_metadata- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/shares/{share_id}/metadata
- Scope Types
system
project
Get share metadata.
share:create_snapshot- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/snapshots
- Scope Types
system
project
Create share snapshot.
share:delete_snapshot- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/snapshots/{snapshot_id}
- Scope Types
system
project
Delete share snapshot.
share:snapshot_update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Update share snapshot.
share_instance_export_location:index- Default
rule:system-reader- Operations
POST
/share_instances/{share_instance_id}/export_locations
- Scope Types
system
Return data about the requested export location.
share_instance_export_location:show- Default
rule:system-reader- Operations
GET
/share_instances/{share_instance_id}/export_locations/{export_location_id}
- Scope Types
system
Return data about the requested export location.
share_type:create- Default
rule:system-admin- Operations
POST
/types
- Scope Types
system
Create share type.
share_type:update- Default
rule:system-admin- Operations
PUT
/types/{share_type_id}
- Scope Types
system
Update share type.
share_type:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/types/{share_type_id}
- Scope Types
system
project
Get share type.
share_type:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/typesGET
/types?is_public=all
- Scope Types
system
project
List share types.
share_type:default- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/types/default
- Scope Types
system
project
Get default share type.
share_type:delete- Default
rule:system-admin- Operations
DELETE
/types/{share_type_id}
- Scope Types
system
Delete share type.
share_type:list_project_access- Default
rule:system-reader- Operations
GET
/types/{share_type_id}
- Scope Types
system
List share type project access.
share_type:add_project_access- Default
rule:system-admin- Operations
POST
/types/{share_type_id}/action
- Scope Types
system
Add share type to project.
share_type:remove_project_access- Default
rule:system-admin- Operations
POST
/types/{share_type_id}/action
- Scope Types
system
Remove share type from project.
share_types_extra_spec:create- Default
rule:system-admin- Operations
POST
/types/{share_type_id}/extra_specs
- Scope Types
system
Create share type extra spec.
share_types_extra_spec:show- Default
rule:system-reader- Operations
GET
/types/{share_type_id}/extra_specs
- Scope Types
system
Get share type extra specs of a given share type.
share_types_extra_spec:index- Default
rule:system-reader- Operations
GET
/types/{share_type_id}/extra_specs/{extra_spec_id}
- Scope Types
system
Get details of a share type extra spec.
share_types_extra_spec:update- Default
rule:system-admin- Operations
PUT
/types/{share_type_id}/extra_specs
- Scope Types
system
Update share type extra spec.
share_types_extra_spec:delete- Default
rule:system-admin- Operations
DELETE
/types/{share_type_id}/extra_specs/{key}
- Scope Types
system
Delete share type extra spec.
share_snapshot:get_snapshot- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/snapshots/{snapshot_id}
- Scope Types
system
project
Get share snapshot.
share_snapshot:get_all_snapshots- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/snapshotsGET
/snapshots/detailGET
/snapshots?{query}GET
/snapshots/detail?{query}
- Scope Types
system
project
Get all share snapshots.
share_snapshot:force_delete- Default
(rule:system-admin) or (rule:project-admin)- Operations
DELETE
/snapshots/{snapshot_id}
- Scope Types
system
project
Force Delete a share snapshot.
share_snapshot:manage_snapshot- Default
rule:system-admin- Operations
POST
/snapshots/manage
- Scope Types
system
Manage share snapshot.
share_snapshot:unmanage_snapshot- Default
rule:system-admin- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
Unmanage share snapshot.
share_snapshot:reset_status- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Reset status.
share_snapshot:access_list- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/snapshots/{snapshot_id}/access-list
- Scope Types
system
project
List access rules of a share snapshot.
share_snapshot:allow_access- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Allow access to a share snapshot.
share_snapshot:deny_access- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/snapshots/{snapshot_id}/action
- Scope Types
system
project
Deny access to a share snapshot.
share_snapshot_export_location:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/snapshots/{snapshot_id}/export-locations/
- Scope Types
system
project
List export locations of a share snapshot.
share_snapshot_export_location:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/snapshots/{snapshot_id}/export-locations/{export_location_id}
- Scope Types
system
project
Get details of a specified export location of a share snapshot.
share_snapshot_instance:show- Default
rule:system-reader- Operations
GET
/snapshot-instances/{snapshot_instance_id}
- Scope Types
system
Get share snapshot instance.
share_snapshot_instance:index- Default
rule:system-reader- Operations
GET
/snapshot-instancesGET
/snapshot-instances?{query}
- Scope Types
system
Get all share snapshot instances.
share_snapshot_instance:detail- Default
rule:system-reader- Operations
GET
/snapshot-instances/detailGET
/snapshot-instances/detail?{query}
- Scope Types
system
Get details of share snapshot instances.
share_snapshot_instance:reset_status- Default
rule:system-admin- Operations
POST
/snapshot-instances/{snapshot_instance_id}/action
- Scope Types
system
Reset share snapshot instance’s status.
share_snapshot_instance_export_location:index- Default
rule:system-reader- Operations
GET
/snapshot-instances/{snapshot_instance_id}/export-locations
- Scope Types
system
List export locations of a share snapshot instance.
share_snapshot_instance_export_location:show- Default
rule:system-reader- Operations
GET
/snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}
- Scope Types
system
Show details of a specified export location of a share snapshot instance.
share_server:index- Default
rule:system-reader- Operations
GET
/share-serversGET
/share-servers?{query}
- Scope Types
system
Get share servers.
share_server:show- Default
rule:system-reader- Operations
GET
/share-servers/{server_id}
- Scope Types
system
Show share server.
share_server:details- Default
rule:system-reader- Operations
GET
/share-servers/{server_id}/details
- Scope Types
system
Get share server details.
share_server:delete- Default
rule:system-admin- Operations
DELETE
/share-servers/{server_id}
- Scope Types
system
Delete share server.
share_server:manage_share_server- Default
rule:system-admin- Operations
POST
/share-servers/manage
- Scope Types
system
Manage share server.
share_server:unmanage_share_server- Default
rule:system-admin- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Unmanage share server.
share_server:reset_status- Default
rule:system-admin- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Reset the status of a share server.
share_server:share_server_migration_start- Default
rule:system-admin- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Migrates a share server to the specified host.
share_server:share_server_migration_check- Default
rule:system-reader- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Check if can migrates a share server to the specified host.
share_server:share_server_migration_complete- Default
rule:system-admin- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Invokes the 2nd phase of share server migration.
share_server:share_server_migration_cancel- Default
rule:system-admin- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Attempts to cancel share server migration.
share_server:share_server_migration_get_progress- Default
rule:system-reader- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Retrieves the share server migration progress for a given share server.
share_server:share_server_reset_task_state- Default
rule:system-admin- Operations
POST
/share-servers/{share_server_id}/action
- Scope Types
system
Resets task state.
service:index- Default
rule:system-reader- Operations
GET
/os-servicesGET
/os-services?{query}GET
/servicesGET
/services?{query}
- Scope Types
system
Return a list of all running services.
service:update- Default
rule:system-admin- Operations
PUT
/os-services/disablePUT
/os-services/enablePUT
/services/disablePUT
/services/enable
- Scope Types
system
Enable/Disable scheduling for a service.
quota_set:update- Default
rule:system-admin- Operations
PUT
/quota-sets/{tenant_id}PUT
/quota-sets/{tenant_id}?user_id={user_id}PUT
/quota-sets/{tenant_id}?share_type={share_type_id}PUT
/os-quota-sets/{tenant_id}PUT
/os-quota-sets/{tenant_id}?user_id={user_id}
- Scope Types
system
Update the quotas for a project/user and/or share type.
quota_set:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/quota-sets/{tenant_id}/defaultsGET
/os-quota-sets/{tenant_id}/defaults
- Scope Types
system
project
List the quotas for a tenant/user.
quota_set:delete- Default
rule:system-admin- Operations
DELETE
/quota-sets/{tenant_id}DELETE
/quota-sets/{tenant_id}?user_id={user_id}DELETE
/quota-sets/{tenant_id}?share_type={share_type_id}DELETE
/os-quota-sets/{tenant_id}DELETE
/os-quota-sets/{tenant_id}?user_id={user_id}
- Scope Types
system
Delete quota for a tenant/user or tenant/share-type. The quota will revert back to default (Admin only).
quota_class_set:update- Default
rule:system-admin- Operations
PUT
/quota-class-sets/{class_name}PUT
/os-quota-class-sets/{class_name}
- Scope Types
system
Update quota class.
quota_class_set:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/quota-class-sets/{class_name}GET
/os-quota-class-sets/{class_name}
- Scope Types
system
project
Get quota class.
share_group_types_spec:create- Default
rule:system-admin- Operations
POST
/share-group-types/{share_group_type_id}/group-specs
- Scope Types
system
Create share group type specs.
share_group_types_spec:index- Default
rule:system-reader- Operations
GET
/share-group-types/{share_group_type_id}/group-specs
- Scope Types
system
Get share group type specs.
share_group_types_spec:show- Default
rule:system-reader- Operations
GET
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types
system
Get details of a share group type spec.
share_group_types_spec:update- Default
rule:system-admin- Operations
PUT
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types
system
Update a share group type spec.
share_group_types_spec:delete- Default
rule:system-admin- Operations
DELETE
/share-group-types/{share_group_type_id}/group-specs/{key}
- Scope Types
system
Delete a share group type spec.
share_group_type:create- Default
rule:system-admin- Operations
POST
/share-group-types
- Scope Types
system
Create a new share group type.
share_group_type:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-group-typesGET
/share-group-types?is_public=all
- Scope Types
system
project
Get the list of share group types.
share_group_type:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-group-types/{share_group_type_id}
- Scope Types
system
project
Get details regarding the specified share group type.
share_group_type:default- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-group-types/default
- Scope Types
system
project
Get the default share group type.
share_group_type:delete- Default
rule:system-admin- Operations
DELETE
/share-group-types/{share_group_type_id}
- Scope Types
system
Delete an existing group type.
share_group_type:list_project_access- Default
rule:system-reader- Operations
GET
/share-group-types/{share_group_type_id}/access
- Scope Types
system
Get project access by share group type.
share_group_type:add_project_access- Default
rule:system-admin- Operations
POST
/share-group-types/{share_group_type_id}/action
- Scope Types
system
Allow project to use the share group type.
share_group_type:remove_project_access- Default
rule:system-admin- Operations
POST
/share-group-types/{share_group_type_id}/action
- Scope Types
system
Deny project access to use the share group type.
share_group_snapshot:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-group-snapshots
- Scope Types
system
project
Create a new share group snapshot.
share_group_snapshot:get- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types
system
project
Get details of a share group snapshot.
share_group_snapshot:get_all- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-group-snapshotsGET
/share-group-snapshots/detailGET
/share-group-snapshots/{query}GET
/share-group-snapshots/detail?{query}
- Scope Types
system
project
Get all share group snapshots.
share_group_snapshot:update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types
system
project
Update a share group snapshot.
share_group_snapshot:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/share-group-snapshots/{share_group_snapshot_id}
- Scope Types
system
project
Delete a share group snapshot.
share_group_snapshot:force_delete- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-group-snapshots/{share_group_snapshot_id}/action
- Scope Types
system
project
Force delete a share group snapshot.
share_group_snapshot:reset_status- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-group-snapshots/{share_group_snapshot_id}/action
- Scope Types
system
project
Reset a share group snapshot’s status.
share_group:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-groups
- Scope Types
system
project
Create share group.
share_group:get- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-groups/{share_group_id}
- Scope Types
system
project
Get details of a share group.
share_group:get_all- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-groupsGET
/share-groups/detailGET
/share-groups?{query}GET
/share-groups/detail?{query}
- Scope Types
system
project
Get all share groups.
share_group:update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/share-groups/{share_group_id}
- Scope Types
system
project
Update share group.
share_group:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/share-groups/{share_group_id}
- Scope Types
system
project
Delete share group.
share_group:force_delete- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-groups/{share_group_id}/action
- Scope Types
system
project
Force delete a share group.
share_group:reset_status- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-groups/{share_group_id}/action
- Scope Types
system
project
Reset share group’s status.
share_replica:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-replicas
- Scope Types
system
project
Create share replica.
share_replica:get_all- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-replicasGET
/share-replicas/detailGET
/share-replicas/detail?share_id={share_id}
- Scope Types
system
project
Get all share replicas.
share_replica:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-replicas/{share_replica_id}
- Scope Types
system
project
Get details of a share replica.
share_replica:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/share-replicas/{share_replica_id}
- Scope Types
system
project
Delete a share replica.
share_replica:force_delete- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Force delete a share replica.
share_replica:promote- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Promote a non-active share replica to active.
share_replica:resync- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Resync a share replica that is out of sync.
share_replica:reset_replica_state- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Reset share replica’s replica_state attribute.
share_replica:reset_status- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-replicas/{share_replica_id}/action
- Scope Types
system
project
Reset share replica’s status.
share_replica_export_location:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-replicas/{share_replica_id}/export-locations
- Scope Types
system
project
Get all export locations of a given share replica.
share_replica_export_location:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-replicas/{share_replica_id}/export-locations/{export_location_id}
- Scope Types
system
project
Get details about the requested share replica export location.
share_network:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks
- Scope Types
system
project
Create share network.
share_network:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-networks/{share_network_id}
- Scope Types
system
project
Get details of a share network.
share_network:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-networksGET
/share-networks?{query}
- Scope Types
system
project
Get all share networks.
share_network:detail- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-networks/detail?{query}GET
/share-networks/detail
- Scope Types
system
project
Get details of share networks .
share_network:update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/share-networks/{share_network_id}
- Scope Types
system
project
Update a share network.
share_network:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/share-networks/{share_network_id}
- Scope Types
system
project
Delete a share network.
share_network:add_security_service- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Add security service to share network.
share_network:add_security_service_check- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Check the feasibility of add security service to a share network.
share_network:remove_security_service- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Remove security service from share network.
share_network:update_security_service- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Update security service from share network.
share_network:update_security_service_check- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Check the feasibility of update a security service from share network.
share_network:reset_status- Default
(rule:system-admin) or (rule:project-admin)- Operations
POST
/share-networks/{share_network_id}/action
- Scope Types
system
project
Reset share network`s status.
share_network:get_all_share_networks- Default
rule:system-reader- Operations
GET
/share-networks?all_tenants=1GET
/share-networks/detail?all_tenants=1
- Scope Types
system
Get share networks belonging to all projects.
share_network_subnet:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/share-networks/{share_network_id}/subnets
- Scope Types
system
project
Create a new share network subnet.
share_network_subnet:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}
- Scope Types
system
project
Delete a share network subnet.
share_network_subnet:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-networks/{share_network_id}/subnets/{share_network_subnet_id}
- Scope Types
system
project
Shows a share network subnet.
share_network_subnet:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-networks/{share_network_id}/subnets
- Scope Types
system
project
Get all share network subnets.
security_service:create- Default
(rule:system-admin) or (rule:project-member)- Operations
POST
/security-services
- Scope Types
system
project
Create security service.
security_service:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/security-services/{security_service_id}
- Scope Types
system
project
Get details of a security service.
security_service:detail- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/security-services/detail?{query}GET
/security-services/detail
- Scope Types
system
project
Get details of all security services.
security_service:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/security-servicesGET
/security-services?{query}
- Scope Types
system
project
Get all security services.
security_service:update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/security-services/{security_service_id}
- Scope Types
system
project
Update a security service.
security_service:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/security-services/{security_service_id}
- Scope Types
system
project
Delete a security service.
security_service:get_all_security_services- Default
rule:system-reader- Operations
GET
/security-services?all_tenants=1GET
/security-services/detail?all_tenants=1
- Scope Types
system
Get security services of all projects.
share_export_location:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/shares/{share_id}/export_locations
- Scope Types
system
project
Get all export locations of a given share.
share_export_location:show- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/shares/{share_id}/export_locations/{export_location_id}
- Scope Types
system
project
Get details about the requested export location.
share_instance:index- Default
rule:system-reader- Operations
GET
/share_instancesGET
/share_instances?{query}
- Scope Types
system
Get all share instances.
share_instance:show- Default
rule:system-reader- Operations
GET
/share_instances/{share_instance_id}
- Scope Types
system
Get details of a share instance.
share_instance:force_delete- Default
rule:system-admin- Operations
POST
/share_instances/{share_instance_id}/action
- Scope Types
system
Force delete a share instance.
share_instance:reset_status- Default
rule:system-admin- Operations
POST
/share_instances/{share_instance_id}/action
- Scope Types
system
Reset share instance’s status.
message:get- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/messages/{message_id}
- Scope Types
system
project
Get details of a given message.
message:get_all- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/messagesGET
/messages?{query}
- Scope Types
system
project
Get all messages.
message:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/messages/{message_id}
- Scope Types
system
project
Delete a message.
share_access_rule:get- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-access-rules/{share_access_id}
- Scope Types
system
project
Get details of a share access rule.
share_access_rule:index- Default
(rule:system-reader) or (rule:project-reader)- Operations
GET
/share-access-rules?share_id={share_id}&key1=value1&key2=value2
- Scope Types
system
project
List access rules of a given share.
share_access_metadata:update- Default
(rule:system-admin) or (rule:project-member)- Operations
PUT
/share-access-rules/{share_access_id}/metadata
- Scope Types
system
project
Set metadata for a share access rule.
share_access_metadata:delete- Default
(rule:system-admin) or (rule:project-member)- Operations
DELETE
/share-access-rules/{share_access_id}/metadata/{key}
- Scope Types
system
project
Delete metadata for a share access rule.
