Manage access to cloud firewall

Access to cloud firewall is regulated by:

projects — define access within an isolated group of resources;
role model — defines access for different users within an account and a project.

Access within the role model

Learn more about access within the role model in the Access management in Selectel products instruction.

member

A user with full access to all services. Access management is unavailable for: users, service users, user groups and federations.

Access areas	Account; Project
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them in all projects; managing cloud firewalls in all projects
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project; managing cloud firewalls in the selected project

iam.admin

A user with access to manage users, but with no access to services or billing. Cannot manage their account: modify permissions, manage notifications, or delete a user. The first user with the iam.admin role is created by the Account Owner.

Access areas	Account
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	Manage users, service users, user groups that have access to the cloud firewall, and also manage federations

iam.viewer

A user with access to view everything that the iam.admin manages.

Access areas	Account
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	View users, service users, user groups and federations; viewing user keys; viewing notifications of other users; viewing account access restrictions

reader

A user with access to view everything that the member manages in the same access area.

Access areas	Account; Project
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project

vpc.admin

A user with access to managing cloud platform networks (private networks and subnets, public subnets and public IP addresses, cloud routers), cloud firewalls, security groups, and cloud load balancers.

Access areas	Account; Project
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them in all projects; managing cloud firewalls in all projects
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project; managing cloud firewalls in the selected project

vpc.viewer

A user with access to view everything that the vpc.admin manages in the same access area.

Access areas	Account
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them in all projects
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project

vpc.network_security.admin

A user with access to managing traffic restriction tools in cloud platform networks — cloud firewalls, security groups.

Access areas	Account; Project
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them in all projects; managing cloud firewalls in all projects
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project; managing cloud firewalls in the selected project

vpc.network_security.user

A user with access to view everything that the vpc.network_security.admin manages in the same access area.

Access areas	Account; Project
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them in all projects
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project

vpc.network_security.viewer

A user with access to view everything that the vpc.network_security.admin manages in the same access area.

Access areas	Account; Project
Who can be assigned	Users; service users; user groups
Available operations with cloud firewall	In the Account access area: viewing the list of cloud firewalls and information about them in all projects
Available operations with cloud firewall	In the Project access area: viewing the list of cloud firewalls and information about them in the selected project