Control access to the underlying firewall

Last update: April 03 2026

Access to the basic firewall is governed by a role model that defines access within an account, see the Access Control in Selectel Products manual for details. The role capabilities within all products can be viewed in the Role Reference Guide.

member

User with full access to all Selectel products. Does not have access to manage: users, service users, user groups and federations.

Access areas	account; project
Who can be prescribed	users; to service users; user groups
Available Basic Firewall Operations	In the Account access area: basic firewall management: creating a basic firewall; modifying the basic firewall (adding rules, changing rules, etc.); basic firewall removal
	Basic firewall operations are not available in the Project access area

iam.viewer

A user with access to view everything that iam.admin manages.

Access areas	Account
Who can be prescribed	users; to service users; user groups
Available operations	view users, service users, user group and federations; view user keys; View other users' notifications; view account access restrictions

iam.admin

User with access to user management and without access to services and billing. Cannot manage his account: change permissions, manage notifications, delete the user. The first user with the iam.admin role is created by the Account Owner.

Access areas	Account
Who can be prescribed	users; to service users; user groups
Available Basic Firewall Operations	managing users, service users, user groups with access to the basic firewall, and managing federations

reader

A user with access to view everything he controls member in the same access area.

Access areas	account; project
Who can be prescribed	users; to service users; user groups
Available Basic Firewall Operations	In the Account access area: View a list of basic firewalls and information about them
	Basic firewall operations are not available in the Project access area

dedicated.admin

A user with management access to the underlying firewall.

The dedicated.admin role also gives management access:

• dedicated servers;
• with the equipment that's been placed;
• firewalls;
• data storage system;
• network disks for dedicated servers;
• with rented network equipment.

Access areas	account; project
Who can be prescribed	users; to service users; user groups
Available Basic Firewall Operations	In the Account access area: basic firewall management: creating a basic firewall; modifying the basic firewall (adding rules, changing rules, etc.); basic firewall removal
	Basic firewall operations are not available in the Project access area

dedicated.viewer

User with access to view everything he manages dedicated.admin in the same access area.

Access areas	account; project
Who can be prescribed	users; to service users; user groups
Available Basic Firewall Operations	In the Account access area: View a list of basic firewalls and information about them
	Basic firewall operations are not available in the Project access area