Example of VM Operation Only User Setting

An example of an IAM role that allows a user to perform operations on a specified virtual server is as follows. Project_id is the tenant ID, and server_id is the instance ID you want to restrict the operation to.
This setting is provided by Nova Restricted Operation as a template.
 {
   "contract_id" : "econXXXXXXXXX",
   "iam_role_name" : "nova_restricted_operation",
   "description" : "操作VM限定ユーザー",
   "resources" : [
       {
           "basePath" : "/ecl-nova",
           "ipAddress" : "*",
           "path" : "/v2/{project_id}/servers/{server_id}/*",
           "verb" : "*"
       }
   ]
}
By specifying the request URL, which locates later than the end point, to the path, the VM for operation is limited.
To accept all path indicated after server_id, * (asterisk) is used for specifying. If * (asterisk) is not used, only the API that uses the path of /v2/{project_id}/servers/{server_id} is executable control.
Link the IAM role above to nova_restricted_operation_grop.
Example of setting operation(Virutal machine)