Manage audit log access

Audit log access is governed by a role model that defines access within an account and project. For more information, see the Access Control in Selectel Products manual.

member

A user with full access to all services. Does not have management access for: users, service users, user groups, and federations.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with audit logs	In the Account access scope: audit log download
Available operations with audit logs	In the Project access scope, audit log operations are unavailable

iam.admin

A user with access to manage users and no access to services and billing. Cannot manage their own account: change permissions, manage notifications, or delete the user. The first user with the iam.admin role is created by the Account owner.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with audit logs	Manage users, service users, user groups with access to audit logs, as well as manage federations

iam.viewer

A user with access to view everything managed by iam.admin.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with audit logs	View users, service users, user groups with access to audit logs, as well as view federations

audit_logs.admin

A user with access to audit logs. Does not have access to other products. For more information, see the Manage audit log access instruction.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations	Audit log download