Manage access to the basic firewall

Last update: May 30 2026

Access to the basic firewall is governed by a role model that defines access within an account; for more details, see the Access management in Selectel products guide. Role capabilities across all products can be found in the role reference guide.

member

User with full access to all Selectel products. Cannot manage: users, service users, user groups and federations.

Access scopes	account; project
Can be assigned to	users; service users; user groups
Available operations with the basic firewall	In the Account access scope: basic firewall management: creating a basic firewall; modifying a basic firewall (adding rules, changing rules, etc.); deleting a basic firewall
	In the Project access scope, basic firewall operations are unavailable

iam.viewer

User with access to view everything that iam.admin manages.

Access scopes	Account
Can be assigned to	users; service users; user groups
Available operations	viewing users, service users, user groups and federations; viewing user keys; viewing notifications of other users; viewing account access restrictions

iam.admin

User with access to manage users and without access to services and billing. Cannot manage their own account: change permissions, manage notifications, or delete the user. The first user with the iam.admin role is created by the Account Owner.

Access scopes	Account
Can be assigned to	users; service users; user groups
Available operations with the basic firewall	managing users, service users, user groups with access to the basic firewall, as well as managing federations

reader

User with access to view everything that member manages in the same access scope.

Access scopes	account; project
Can be assigned to	users; service users; user groups
Available operations with the basic firewall	In the Account access scope: viewing the list of basic firewalls and information about them
	In the Project access scope, basic firewall operations are unavailable

dedicated.admin

User with access to basic firewall management.

The dedicated.admin role also grants access to manage:

• dedicated servers;
• colocation equipment;
• firewalls;
• storage system;
• network volumes for dedicated servers;
• rented network equipment.

Access scopes	account; project
Can be assigned to	users; service users; user groups
Available operations with the basic firewall	In the Account access scope: basic firewall management: creating a basic firewall; modifying a basic firewall (adding rules, changing rules, etc.); deleting a basic firewall
	In the Project access scope, basic firewall operations are unavailable

dedicated.viewer

User with access to view everything that dedicated.admin manages in the same access scope.

Access scopes	account; project
Can be assigned to	users; service users; user groups
Available operations with the basic firewall	In the Account access scope: viewing the list of basic firewalls and information about them
	In the Project access scope, basic firewall operations are unavailable