UpCloud

Permissions

Permissions manage access to resources by subaccounts. A main account user can expose specific resources to subaccounts, or grant wildcard permissions for entire resource types.

When a subaccount creates new resources, it automatically receives permission entries for those resources.

GET/1.3/permission

Get permissions

Returns a list of permission entries. For main accounts, all defined permissions are returned. For subaccounts, only applicable permissions are returned.

Request

GET
/1.3/permission
curl -X GET https://api.upcloud.com/1.3/permission \
  -u your_username:your_password
POST/1.3/permission/grant

Grant permission

Grants a subaccount permission to access a specific resource or all resources of a type.

Attributes

  • Name
    target_identifier
    Type
    string
    Description

    Resource UUID or "*" for wildcard (all resources of type). Required.

  • Name
    target_type
    Type
    string
    Description

    Resource type. Required.

  • Name
    user
    Type
    string
    Description

    Subaccount username. Required.

  • Name
    options
    Type
    object
    Description

    Permission options (e.g., storage access level).

Target types

  • Name
    server
    Description

    Cloud servers.

  • Name
    storage
    Description

    Storage devices.

  • Name
    ip_address
    Description

    IP addresses.

  • Name
    network
    Description

    Private networks.

  • Name
    router
    Description

    Network routers.

  • Name
    managed_database
    Description

    Managed Database services.

  • Name
    managed_loadbalancer
    Description

    Managed Load Balancer services.

  • Name
    managed_kubernetes
    Description

    Managed Kubernetes clusters.

  • Name
    managed_object_storage
    Description

    Managed Object Storage services.

  • Name
    network_gateway
    Description

    Network gateways.

Request

POST
/1.3/permission/grant
curl -X POST https://api.upcloud.com/1.3/permission/grant \
  -u your_username:your_password \
  -H "Content-Type: application/json" \
  -d '{
    "permission": {
      "target_identifier": "00a81875-a3ce-418c-9fca-45c04c7320c3",
      "target_type": "server",
      "user": "sub_account_user1"
    }
  }'

Grant wildcard permission

curl -X POST https://api.upcloud.com/1.3/permission/grant \
  -u your_username:your_password \
  -H "Content-Type: application/json" \
  -d '{
    "permission": {
      "target_identifier": "*",
      "target_type": "server",
      "user": "sub_account_user2"
    }
  }'
POST/1.3/permission/revoke

Revoke permission

Revokes a subaccount's permission to access a resource.

Attributes

  • Name
    target_identifier
    Type
    string
    Description

    Resource UUID or "*" to revoke wildcard permission. Required.

  • Name
    target_type
    Type
    string
    Description

    Resource type. Required.

  • Name
    user
    Type
    string
    Description

    Subaccount username. Required.

Request

POST
/1.3/permission/revoke
curl -X POST https://api.upcloud.com/1.3/permission/revoke \
  -u your_username:your_password \
  -H "Content-Type: application/json" \
  -d '{
    "permission": {
      "target_identifier": "00a81875-a3ce-418c-9fca-45c04c7320c3",
      "target_type": "server",
      "user": "sub_account_user1"
    }
  }'