Permission Enforcement in the SoftLayer API

The SoftLayer API is built around the same system of user permissions that power the SoftLayer customer portal. What the API exposes and allows depends on the authenticated user account that is making the call and that user's permission set. Your account's master user has full permissions to every service and method associated with your account. Please be wary if you choose to execute API method calls using your account's master user.

The SoftLayer API treats a permission error like an object not found error, returning an exception stating that it can't find an object rather than say that the current user does not have permission to view it.

Functionality Permissions

Every portal and API user has a set of functionality-based permissions. These permissions govern the ability to:

  • Add a server
  • Add and edit tickets
  • Add IP addresses
  • Add new users
  • Add services and upgrades
  • Add StorageLayer services
  • Cancel a server
  • Edit your company profile
  • Initiate RescueLayer
  • Initiate vulnerability scanning
  • Issue OS reloads
  • Manage a hardware firewall
  • Manage antivirus and spyware software
  • Manage DNS
  • Manage Host IDS software
  • Mange load balancers
  • Manage network IDS services
  • Manage network port control
  • Manage reverse DNS
  • Mange RWHOIS records
  • Manage server monitoring
  • Mange SWIP requests
  • Reboot a server
  • Search tickets
  • Submit one-time payments
  • Update payment details
  • View hardware details
  • View tickets
  • View your account summary
  • View software licenses
  • View bandwidth statistics
  • And much more…

Adding and Removing User Permissions

If a method requires a special permission to execute, it is noted on its associated manual page. Likewise, if viewing a data type property requires a special permission, it is noted on that data type's manual page. Permissions can be added or removed by either the SoftLayer Customer Portal or using a direct API call.
To change your user's permission set via the SoftLayer Customer Portal, complete the steps below.

  1. Access the SoftLayer customer portal.
  2. Enter the account master’s username in the User name field.
  3. Enter the Portal password in the Password field.
  4. Click the Administrative link.
  5. Click on the username of the user whose permissions you wish to change in the User List.
  6. Check or uncheck the desired user permissions.
  7. Click the Edit User Profile button.

To change your user’s permission set using a direct API call, use the following guidelines based on the task you would like to accomplish:

  • To add permissions, execute either the addPortalPermission or addBulkPortalPermission methods in the SoftLayer_User_Customer service.
  • To remove permissions, execute either the removePortalPermission or removeBulkPortalPermission methods in the SoftLayer_User_Customer service.
    Notes:
    • You can retrieve a list of valid hardware to assign user access to with the getAllObjects method in the SoftLayer_User_Customer_CustomerPermission_Permission service.
    • The addBulkPortalPermission and removeBulkPortalPermission methods allow you to add or remove multiple permission for the user at one time.

Hardware Restrictions

It is also possible to limit user interactivity to only certain servers purchased by a customer account or to none of the servers listed on the account. As with adding and removing user permissions, this task may also be completed through either the SoftLayer Customer Portal or by using a direct API call.

Follow the steps below to update hardware restrictions for a user through the SoftLayer Customer Portal.

  1. Access the SoftLayer customer portal.
  2. Enter the account master’s username in the User name field.
  3. Enter the portal password in the Password field.
  4. Click the Administrative link.
  5. Click on your username of the user whose permissions you wish to change in the User List.
  6. Scroll to the User Hardware Access section.
  7. Determine if access to all hardware is to be granted, or if access to individual servers is required.
    • If access to all hardware is to be granted, select the Allow Access to All Hardware radio button.
    • If access to individual servers is required
      • Click the applicable server(s) to which the user requires access from the Server Access window.
      • Select the Limit Access to the Following Hardware radio button.
  8. Click the Edit User Profile button.

To change a user’s hardware restrictions using a direct API call, use the following guidelines based on the task you would like to accomplish:

  • To add user hardware access, execute either the addHardwareAccess or addBulkHardwareAccess methods in the SoftLayer_User_Customer service.
  • To remove user hardware access execute either the removeHardwareAccess or removeBulkHardwareAccess methods in the SoftLayer_User_Customer service.
    Notes:
    • You can retrieve a list of valid hardware to assign user access to with the getHardware method in the SoftLayer_Account service.
    • The addBulkHardwareAccess and removeBulkHardwareAccess methods allow you to add or remove access to multiple pieces of hardware for the user at one time.

Cloud Computing Instance (CCI) Restrictions

Similar to the restriction of hardware interactivity, the Account Master also has the ability to restrict a specific user’s (or users’) ability to interact with and view Cloud Computing Instances (CCIs). Like the two previous actions outlined in this article, this task, too, is completed through either the SoftLayer Customer Portal or through the use of a direct API call.
Follow the steps below to update CCI restrictions for a user through the SoftLayer Customer Portal.

  1. Access the SoftLayer customer portal.
  2. Enter the account master’s username in the User name field.
  3. Enter the portal password in the Password field.
  4. Click the Administrative link.
  5. Click on your username of the user whose permissions you wish to change in the User List.
  6. Scroll to the User CCI Access section.
  7. Determine if access to all hardware is to be granted, or if access to individual servers is required.
    • If access to all CCIs is to be granted, select the Allow Access to All CCI radio button.
    • If access to individual CCIs is to be granted
      • Click the applicable CCI(s) to which the user requires access in the CCI Access window.
      • Select the Limit Access to the Following CCI radio button.
  8. Click the Edit User Profile button.

To change a user’s CCI restrictions using a direct API call, use the following guidelines based on the task you would like to accomplish:

  • To add user CCI access, execute either the addVirtualGuestAccess or addBulkVirtualGuestAccess methods in the SoftLayer_User_Customer service.
  • To remove user CCI access execute either the removeVirtualGuestAccess or removeBulkVirtualGuestAccess methods in the SoftLayer_User_Customer service.
    Notes:

  • You can retrieve a list of valid CCIs to assign user access with the getVirtualGuests method in the SoftLayer_Account service.

  • The addBulkVirtualGuestAccess and removeBulkVirtualGuestAccess methods allow you to add or remove access to multiple pieces of hardware for the user at one time.

Associated Methods

See Also

External Links