Policy configuration

Warning

JSON formatted policy file is deprecated since Manila 12.0.0 (Wallaby). This oslopolicy-convert-json-to-yaml tool will migrate your existing JSON-formatted policy file to YAML in a backward-compatible way.

Configuration

The following is an overview of all available policies in Manila.

manila

system-admin
Default

role:admin and system_scope:all

Scope Types
  • system

System scoped Administrator

system-member
Default

role:member and system_scope:all

Scope Types
  • system

System scoped Member

system-reader
Default

role:reader and system_scope:all

Scope Types
  • system

System scoped Reader

project-admin
Default

role:admin and project_id:%(project_id)s

Scope Types
  • project

Project scoped Administrator

project-member
Default

role:member and project_id:%(project_id)s

Scope Types
  • project

Project scoped Member

project-reader
Default

role:reader and project_id:%(project_id)s

Scope Types
  • project

Project scoped Reader

context_is_admin
Default

rule:system-admin

Scope Types
  • system

Privileged users checked via “context.is_admin”

admin_or_owner
Default

is_admin:True or project_id:%(project_id)s

Administrator or Member of the project

default
Default

rule:admin_or_owner

Default rule for most non-Admin APIs

admin_api
Default

is_admin:True

Default rule for most Admin APIs.

availability_zone:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /os-availability-zone

  • GET /availability-zone

Scope Types
  • system

  • project

Get all storage availability zones.

scheduler_stats:pools:index
Default

rule:system-reader

Operations
  • GET /scheduler-stats/pools

  • GET /scheduler-stats/pools?{query}

Scope Types
  • system

Get information regarding backends (and storage pools) known to the scheduler.

scheduler_stats:pools:detail
Default

rule:system-reader

Operations
  • GET /scheduler-stats/pools/detail?{query}

  • GET /scheduler-stats/pools/detail

Scope Types
  • system

Get detailed information regarding backends (and storage pools) known to the scheduler.

share:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /shares

Scope Types
  • system

  • project

Create share.

share:create_public_share
Default

rule:system-admin

Operations
  • POST /shares

Scope Types
  • system

Create shares visible across all projects in the cloud.

share:get
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /shares/{share_id}

Scope Types
  • system

  • project

Get share.

share:get_all
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /shares

  • GET /shares/detail

Scope Types
  • system

  • project

List shares.

share:update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /shares

Scope Types
  • system

  • project

Update share.

share:set_public_share
Default

rule:system-admin

Operations
  • PUT /shares

Scope Types
  • system

Update shares to be visible across all projects in the cloud.

share:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /shares/{share_id}

Scope Types
  • system

  • project

Delete share.

share:force_delete
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • DELETE /shares/{share_id}

Scope Types
  • system

  • project

Force Delete a share.

share:manage
Default

rule:system-admin

Operations
  • POST /shares/manage

Scope Types
  • system

Manage share.

share:unmanage
Default

rule:system-admin

Operations
  • POST /shares/unmanage

Scope Types
  • system

Unmanage share.

share:list_by_host
Default

rule:system-reader

Operations
  • GET /shares

  • GET /shares/detail

Scope Types
  • system

List share by host.

share:list_by_share_server_id
Default

rule:system-reader

Operations
  • GET /shares

  • GET /shares/detail

Scope Types
  • system

List share by server id.

share:access_get
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Get share access rule, it under deny access operation.

share:access_get_all
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /shares/{share_id}/action

Scope Types
  • system

  • project

List share access rules.

share:extend
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Extend share.

share:force_extend
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Force extend share.

share:shrink
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Shrink share.

share:migration_start
Default

rule:system-admin

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

Migrate a share to the specified host.

share:migration_complete
Default

rule:system-admin

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

Invokes 2nd phase of share migration.

share:migration_cancel
Default

rule:system-admin

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

Attempts to cancel share migration.

share:migration_get_progress
Default

rule:system-reader

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

Retrieve share migration progress for a given share.

share:reset_task_state
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Reset task state.

share:reset_status
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Reset status.

share:revert_to_snapshot
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Revert a share to a snapshot.

share:allow_access
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Add share access rule.

share:deny_access
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /shares/{share_id}/action

Scope Types
  • system

  • project

Remove share access rule.

share:update_share_metadata
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /shares/{share_id}/metadata

Scope Types
  • system

  • project

Update share metadata.

share:delete_share_metadata
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /shares/{share_id}/metadata/{key}

Scope Types
  • system

  • project

Delete share metadata.

share:get_share_metadata
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /shares/{share_id}/metadata

Scope Types
  • system

  • project

Get share metadata.

share:create_snapshot
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /snapshots

Scope Types
  • system

  • project

Create share snapshot.

share:delete_snapshot
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /snapshots/{snapshot_id}

Scope Types
  • system

  • project

Delete share snapshot.

share:snapshot_update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /snapshots/{snapshot_id}/action

Scope Types
  • system

  • project

Update share snapshot.

share_instance_export_location:index
Default

rule:system-reader

Operations
  • POST /share_instances/{share_instance_id}/export_locations

Scope Types
  • system

Return data about the requested export location.

share_instance_export_location:show
Default

rule:system-reader

Operations
  • GET /share_instances/{share_instance_id}/export_locations/{export_location_id}

Scope Types
  • system

Return data about the requested export location.

share_type:create
Default

rule:system-admin

Operations
  • POST /types

Scope Types
  • system

Create share type.

share_type:update
Default

rule:system-admin

Operations
  • PUT /types/{share_type_id}

Scope Types
  • system

Update share type.

share_type:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /types/{share_type_id}

Scope Types
  • system

  • project

Get share type.

share_type:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /types

  • GET /types?is_public=all

Scope Types
  • system

  • project

List share types.

share_type:default
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /types/default

Scope Types
  • system

  • project

Get default share type.

share_type:delete
Default

rule:system-admin

Operations
  • DELETE /types/{share_type_id}

Scope Types
  • system

Delete share type.

share_type:list_project_access
Default

rule:system-reader

Operations
  • GET /types/{share_type_id}

Scope Types
  • system

List share type project access.

share_type:add_project_access
Default

rule:system-admin

Operations
  • POST /types/{share_type_id}/action

Scope Types
  • system

Add share type to project.

share_type:remove_project_access
Default

rule:system-admin

Operations
  • POST /types/{share_type_id}/action

Scope Types
  • system

Remove share type from project.

share_types_extra_spec:create
Default

rule:system-admin

Operations
  • POST /types/{share_type_id}/extra_specs

Scope Types
  • system

Create share type extra spec.

share_types_extra_spec:show
Default

rule:system-reader

Operations
  • GET /types/{share_type_id}/extra_specs

Scope Types
  • system

Get share type extra specs of a given share type.

share_types_extra_spec:index
Default

rule:system-reader

Operations
  • GET /types/{share_type_id}/extra_specs/{extra_spec_id}

Scope Types
  • system

Get details of a share type extra spec.

share_types_extra_spec:update
Default

rule:system-admin

Operations
  • PUT /types/{share_type_id}/extra_specs

Scope Types
  • system

Update share type extra spec.

share_types_extra_spec:delete
Default

rule:system-admin

Operations
  • DELETE /types/{share_type_id}/extra_specs/{key}

Scope Types
  • system

Delete share type extra spec.

share_snapshot:get_snapshot
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /snapshots/{snapshot_id}

Scope Types
  • system

  • project

Get share snapshot.

share_snapshot:get_all_snapshots
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /snapshots

  • GET /snapshots/detail

  • GET /snapshots?{query}

  • GET /snapshots/detail?{query}

Scope Types
  • system

  • project

Get all share snapshots.

share_snapshot:force_delete
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • DELETE /snapshots/{snapshot_id}

Scope Types
  • system

  • project

Force Delete a share snapshot.

share_snapshot:manage_snapshot
Default

rule:system-admin

Operations
  • POST /snapshots/manage

Scope Types
  • system

Manage share snapshot.

share_snapshot:unmanage_snapshot
Default

rule:system-admin

Operations
  • POST /snapshots/{snapshot_id}/action

Scope Types
  • system

Unmanage share snapshot.

share_snapshot:reset_status
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /snapshots/{snapshot_id}/action

Scope Types
  • system

  • project

Reset status.

share_snapshot:access_list
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /snapshots/{snapshot_id}/access-list

Scope Types
  • system

  • project

List access rules of a share snapshot.

share_snapshot:allow_access
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /snapshots/{snapshot_id}/action

Scope Types
  • system

  • project

Allow access to a share snapshot.

share_snapshot:deny_access
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /snapshots/{snapshot_id}/action

Scope Types
  • system

  • project

Deny access to a share snapshot.

share_snapshot_export_location:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /snapshots/{snapshot_id}/export-locations/

Scope Types
  • system

  • project

List export locations of a share snapshot.

share_snapshot_export_location:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /snapshots/{snapshot_id}/export-locations/{export_location_id}

Scope Types
  • system

  • project

Get details of a specified export location of a share snapshot.

share_snapshot_instance:show
Default

rule:system-reader

Operations
  • GET /snapshot-instances/{snapshot_instance_id}

Scope Types
  • system

Get share snapshot instance.

share_snapshot_instance:index
Default

rule:system-reader

Operations
  • GET /snapshot-instances

  • GET /snapshot-instances?{query}

Scope Types
  • system

Get all share snapshot instances.

share_snapshot_instance:detail
Default

rule:system-reader

Operations
  • GET /snapshot-instances/detail

  • GET /snapshot-instances/detail?{query}

Scope Types
  • system

Get details of share snapshot instances.

share_snapshot_instance:reset_status
Default

rule:system-admin

Operations
  • POST /snapshot-instances/{snapshot_instance_id}/action

Scope Types
  • system

Reset share snapshot instance’s status.

share_snapshot_instance_export_location:index
Default

rule:system-reader

Operations
  • GET /snapshot-instances/{snapshot_instance_id}/export-locations

Scope Types
  • system

List export locations of a share snapshot instance.

share_snapshot_instance_export_location:show
Default

rule:system-reader

Operations
  • GET /snapshot-instances/{snapshot_instance_id}/export-locations/{export_location_id}

Scope Types
  • system

Show details of a specified export location of a share snapshot instance.

share_server:index
Default

rule:system-reader

Operations
  • GET /share-servers

  • GET /share-servers?{query}

Scope Types
  • system

Get share servers.

share_server:show
Default

rule:system-reader

Operations
  • GET /share-servers/{server_id}

Scope Types
  • system

Show share server.

share_server:details
Default

rule:system-reader

Operations
  • GET /share-servers/{server_id}/details

Scope Types
  • system

Get share server details.

share_server:delete
Default

rule:system-admin

Operations
  • DELETE /share-servers/{server_id}

Scope Types
  • system

Delete share server.

share_server:manage_share_server
Default

rule:system-admin

Operations
  • POST /share-servers/manage

Scope Types
  • system

Manage share server.

share_server:unmanage_share_server
Default

rule:system-admin

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Unmanage share server.

share_server:reset_status
Default

rule:system-admin

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Reset the status of a share server.

share_server:share_server_migration_start
Default

rule:system-admin

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Migrates a share server to the specified host.

share_server:share_server_migration_check
Default

rule:system-reader

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Check if can migrates a share server to the specified host.

share_server:share_server_migration_complete
Default

rule:system-admin

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Invokes the 2nd phase of share server migration.

share_server:share_server_migration_cancel
Default

rule:system-admin

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Attempts to cancel share server migration.

share_server:share_server_migration_get_progress
Default

rule:system-reader

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Retrieves the share server migration progress for a given share server.

share_server:share_server_reset_task_state
Default

rule:system-admin

Operations
  • POST /share-servers/{share_server_id}/action

Scope Types
  • system

Resets task state.

service:index
Default

rule:system-reader

Operations
  • GET /os-services

  • GET /os-services?{query}

  • GET /services

  • GET /services?{query}

Scope Types
  • system

Return a list of all running services.

service:update
Default

rule:system-admin

Operations
  • PUT /os-services/disable

  • PUT /os-services/enable

  • PUT /services/disable

  • PUT /services/enable

Scope Types
  • system

Enable/Disable scheduling for a service.

quota_set:update
Default

rule:system-admin

Operations
  • PUT /quota-sets/{tenant_id}

  • PUT /quota-sets/{tenant_id}?user_id={user_id}

  • PUT /quota-sets/{tenant_id}?share_type={share_type_id}

  • PUT /os-quota-sets/{tenant_id}

  • PUT /os-quota-sets/{tenant_id}?user_id={user_id}

Scope Types
  • system

Update the quotas for a project/user and/or share type.

quota_set:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /quota-sets/{tenant_id}/defaults

  • GET /os-quota-sets/{tenant_id}/defaults

Scope Types
  • system

  • project

List the quotas for a tenant/user.

quota_set:delete
Default

rule:system-admin

Operations
  • DELETE /quota-sets/{tenant_id}

  • DELETE /quota-sets/{tenant_id}?user_id={user_id}

  • DELETE /quota-sets/{tenant_id}?share_type={share_type_id}

  • DELETE /os-quota-sets/{tenant_id}

  • DELETE /os-quota-sets/{tenant_id}?user_id={user_id}

Scope Types
  • system

Delete quota for a tenant/user or tenant/share-type. The quota will revert back to default (Admin only).

quota_class_set:update
Default

rule:system-admin

Operations
  • PUT /quota-class-sets/{class_name}

  • PUT /os-quota-class-sets/{class_name}

Scope Types
  • system

Update quota class.

quota_class_set:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /quota-class-sets/{class_name}

  • GET /os-quota-class-sets/{class_name}

Scope Types
  • system

  • project

Get quota class.

share_group_types_spec:create
Default

rule:system-admin

Operations
  • POST /share-group-types/{share_group_type_id}/group-specs

Scope Types
  • system

Create share group type specs.

share_group_types_spec:index
Default

rule:system-reader

Operations
  • GET /share-group-types/{share_group_type_id}/group-specs

Scope Types
  • system

Get share group type specs.

share_group_types_spec:show
Default

rule:system-reader

Operations
  • GET /share-group-types/{share_group_type_id}/group-specs/{key}

Scope Types
  • system

Get details of a share group type spec.

share_group_types_spec:update
Default

rule:system-admin

Operations
  • PUT /share-group-types/{share_group_type_id}/group-specs/{key}

Scope Types
  • system

Update a share group type spec.

share_group_types_spec:delete
Default

rule:system-admin

Operations
  • DELETE /share-group-types/{share_group_type_id}/group-specs/{key}

Scope Types
  • system

Delete a share group type spec.

share_group_type:create
Default

rule:system-admin

Operations
  • POST /share-group-types

Scope Types
  • system

Create a new share group type.

share_group_type:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-group-types

  • GET /share-group-types?is_public=all

Scope Types
  • system

  • project

Get the list of share group types.

share_group_type:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-group-types/{share_group_type_id}

Scope Types
  • system

  • project

Get details regarding the specified share group type.

share_group_type:default
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-group-types/default

Scope Types
  • system

  • project

Get the default share group type.

share_group_type:delete
Default

rule:system-admin

Operations
  • DELETE /share-group-types/{share_group_type_id}

Scope Types
  • system

Delete an existing group type.

share_group_type:list_project_access
Default

rule:system-reader

Operations
  • GET /share-group-types/{share_group_type_id}/access

Scope Types
  • system

Get project access by share group type.

share_group_type:add_project_access
Default

rule:system-admin

Operations
  • POST /share-group-types/{share_group_type_id}/action

Scope Types
  • system

Allow project to use the share group type.

share_group_type:remove_project_access
Default

rule:system-admin

Operations
  • POST /share-group-types/{share_group_type_id}/action

Scope Types
  • system

Deny project access to use the share group type.

share_group_snapshot:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-group-snapshots

Scope Types
  • system

  • project

Create a new share group snapshot.

share_group_snapshot:get
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-group-snapshots/{share_group_snapshot_id}

Scope Types
  • system

  • project

Get details of a share group snapshot.

share_group_snapshot:get_all
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-group-snapshots

  • GET /share-group-snapshots/detail

  • GET /share-group-snapshots/{query}

  • GET /share-group-snapshots/detail?{query}

Scope Types
  • system

  • project

Get all share group snapshots.

share_group_snapshot:update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /share-group-snapshots/{share_group_snapshot_id}

Scope Types
  • system

  • project

Update a share group snapshot.

share_group_snapshot:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /share-group-snapshots/{share_group_snapshot_id}

Scope Types
  • system

  • project

Delete a share group snapshot.

share_group_snapshot:force_delete
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-group-snapshots/{share_group_snapshot_id}/action

Scope Types
  • system

  • project

Force delete a share group snapshot.

share_group_snapshot:reset_status
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-group-snapshots/{share_group_snapshot_id}/action

Scope Types
  • system

  • project

Reset a share group snapshot’s status.

share_group:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-groups

Scope Types
  • system

  • project

Create share group.

share_group:get
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-groups/{share_group_id}

Scope Types
  • system

  • project

Get details of a share group.

share_group:get_all
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-groups

  • GET /share-groups/detail

  • GET /share-groups?{query}

  • GET /share-groups/detail?{query}

Scope Types
  • system

  • project

Get all share groups.

share_group:update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /share-groups/{share_group_id}

Scope Types
  • system

  • project

Update share group.

share_group:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /share-groups/{share_group_id}

Scope Types
  • system

  • project

Delete share group.

share_group:force_delete
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-groups/{share_group_id}/action

Scope Types
  • system

  • project

Force delete a share group.

share_group:reset_status
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-groups/{share_group_id}/action

Scope Types
  • system

  • project

Reset share group’s status.

share_replica:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-replicas

Scope Types
  • system

  • project

Create share replica.

share_replica:get_all
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-replicas

  • GET /share-replicas/detail

  • GET /share-replicas/detail?share_id={share_id}

Scope Types
  • system

  • project

Get all share replicas.

share_replica:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-replicas/{share_replica_id}

Scope Types
  • system

  • project

Get details of a share replica.

share_replica:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /share-replicas/{share_replica_id}

Scope Types
  • system

  • project

Delete a share replica.

share_replica:force_delete
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-replicas/{share_replica_id}/action

Scope Types
  • system

  • project

Force delete a share replica.

share_replica:promote
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-replicas/{share_replica_id}/action

Scope Types
  • system

  • project

Promote a non-active share replica to active.

share_replica:resync
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-replicas/{share_replica_id}/action

Scope Types
  • system

  • project

Resync a share replica that is out of sync.

share_replica:reset_replica_state
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-replicas/{share_replica_id}/action

Scope Types
  • system

  • project

Reset share replica’s replica_state attribute.

share_replica:reset_status
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-replicas/{share_replica_id}/action

Scope Types
  • system

  • project

Reset share replica’s status.

share_replica_export_location:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-replicas/{share_replica_id}/export-locations

Scope Types
  • system

  • project

Get all export locations of a given share replica.

share_replica_export_location:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-replicas/{share_replica_id}/export-locations/{export_location_id}

Scope Types
  • system

  • project

Get details about the requested share replica export location.

share_network:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks

Scope Types
  • system

  • project

Create share network.

share_network:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-networks/{share_network_id}

Scope Types
  • system

  • project

Get details of a share network.

share_network:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-networks

  • GET /share-networks?{query}

Scope Types
  • system

  • project

Get all share networks.

share_network:detail
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-networks/detail?{query}

  • GET /share-networks/detail

Scope Types
  • system

  • project

Get details of share networks .

share_network:update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /share-networks/{share_network_id}

Scope Types
  • system

  • project

Update a share network.

share_network:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /share-networks/{share_network_id}

Scope Types
  • system

  • project

Delete a share network.

share_network:add_security_service
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks/{share_network_id}/action

Scope Types
  • system

  • project

Add security service to share network.

share_network:add_security_service_check
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks/{share_network_id}/action

Scope Types
  • system

  • project

Check the feasibility of add security service to a share network.

share_network:remove_security_service
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks/{share_network_id}/action

Scope Types
  • system

  • project

Remove security service from share network.

share_network:update_security_service
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks/{share_network_id}/action

Scope Types
  • system

  • project

Update security service from share network.

share_network:update_security_service_check
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks/{share_network_id}/action

Scope Types
  • system

  • project

Check the feasibility of update a security service from share network.

share_network:reset_status
Default

(rule:system-admin) or (rule:project-admin)

Operations
  • POST /share-networks/{share_network_id}/action

Scope Types
  • system

  • project

Reset share network`s status.

share_network:get_all_share_networks
Default

rule:system-reader

Operations
  • GET /share-networks?all_tenants=1

  • GET /share-networks/detail?all_tenants=1

Scope Types
  • system

Get share networks belonging to all projects.

share_network_subnet:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /share-networks/{share_network_id}/subnets

Scope Types
  • system

  • project

Create a new share network subnet.

share_network_subnet:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /share-networks/{share_network_id}/subnets/{share_network_subnet_id}

Scope Types
  • system

  • project

Delete a share network subnet.

share_network_subnet:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-networks/{share_network_id}/subnets/{share_network_subnet_id}

Scope Types
  • system

  • project

Shows a share network subnet.

share_network_subnet:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-networks/{share_network_id}/subnets

Scope Types
  • system

  • project

Get all share network subnets.

security_service:create
Default

(rule:system-admin) or (rule:project-member)

Operations
  • POST /security-services

Scope Types
  • system

  • project

Create security service.

security_service:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /security-services/{security_service_id}

Scope Types
  • system

  • project

Get details of a security service.

security_service:detail
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /security-services/detail?{query}

  • GET /security-services/detail

Scope Types
  • system

  • project

Get details of all security services.

security_service:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /security-services

  • GET /security-services?{query}

Scope Types
  • system

  • project

Get all security services.

security_service:update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /security-services/{security_service_id}

Scope Types
  • system

  • project

Update a security service.

security_service:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /security-services/{security_service_id}

Scope Types
  • system

  • project

Delete a security service.

security_service:get_all_security_services
Default

rule:system-reader

Operations
  • GET /security-services?all_tenants=1

  • GET /security-services/detail?all_tenants=1

Scope Types
  • system

Get security services of all projects.

share_export_location:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /shares/{share_id}/export_locations

Scope Types
  • system

  • project

Get all export locations of a given share.

share_export_location:show
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /shares/{share_id}/export_locations/{export_location_id}

Scope Types
  • system

  • project

Get details about the requested export location.

share_instance:index
Default

rule:system-reader

Operations
  • GET /share_instances

  • GET /share_instances?{query}

Scope Types
  • system

Get all share instances.

share_instance:show
Default

rule:system-reader

Operations
  • GET /share_instances/{share_instance_id}

Scope Types
  • system

Get details of a share instance.

share_instance:force_delete
Default

rule:system-admin

Operations
  • POST /share_instances/{share_instance_id}/action

Scope Types
  • system

Force delete a share instance.

share_instance:reset_status
Default

rule:system-admin

Operations
  • POST /share_instances/{share_instance_id}/action

Scope Types
  • system

Reset share instance’s status.

message:get
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /messages/{message_id}

Scope Types
  • system

  • project

Get details of a given message.

message:get_all
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /messages

  • GET /messages?{query}

Scope Types
  • system

  • project

Get all messages.

message:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /messages/{message_id}

Scope Types
  • system

  • project

Delete a message.

share_access_rule:get
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-access-rules/{share_access_id}

Scope Types
  • system

  • project

Get details of a share access rule.

share_access_rule:index
Default

(rule:system-reader) or (rule:project-reader)

Operations
  • GET /share-access-rules?share_id={share_id}&key1=value1&key2=value2

Scope Types
  • system

  • project

List access rules of a given share.

share_access_metadata:update
Default

(rule:system-admin) or (rule:project-member)

Operations
  • PUT /share-access-rules/{share_access_id}/metadata

Scope Types
  • system

  • project

Set metadata for a share access rule.

share_access_metadata:delete
Default

(rule:system-admin) or (rule:project-member)

Operations
  • DELETE /share-access-rules/{share_access_id}/metadata/{key}

Scope Types
  • system

  • project

Delete metadata for a share access rule.