Access and permissions
The Cloud Console features a rudimentary permissions system based on hardcoded groups, usually an “Admins” and a “Members” group, where the “Admins” group can be considered “RW” (read and write) and the “Members” group can be considered read-only.
Generally these groups and their permissions are limited to activity in the Cloud Console and do not extend to underlying systems like DBaaS and OpenStack.
It is usually possible to manage permissions with the native model for the product in question, i.e. OpenStack project roles.
Organization
Organization Admins can manage permissions through the “Organization” page in the sidebar. The minimum permissions in an organization are represented by the “Members” group. Members can view everything for the organization in the Cloud Console.
Admins can edit everything owned by the organization in the Cloud Console and make other users Admins in the organization.
DBaaS
For each DBaaS project, there is an “Admins” and a “Members” group. Both groups have the same privileges in DBaaS, i.e. complete.
In the Cloud Console, organization Admins can:
- Create projects
- Add/remove users for each project
OpenStack
For OpenStack projects, organization Admins can:
- Create projects
- Add/remove users for each project
- Manage users’ OpenStack project roles for each project