Manage access to cloud load balancers

Access to cloud load balancers is governed by:

projects — define access within an isolated group of resources;
a role model — defines access for different users within an account and project.

Access within the role model

Learn more about role-based access in the Access management in Selectel products guide.

member

User with full access to all services. Access management is not available: users, service users, user groups, and federations.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	In the Account access scope: view the list of all balancer objects and their information across all projects: load balancers, rules and HTTP policies, target groups and servers within them, and health checks; viewing load balancer statistics across all projects; managing load balancers, rules and HTTP policies, target groups, and health checks across all projects; enabling and disabling load balancer logging across all projects
Available operations with cloud load balancers	In the Project access scope: view the list of all balancer objects and their information in the selected project: load balancers, rules and HTTP policies, target groups and servers within them, and health checks; viewing load balancer statistics in the selected project; managing load balancers, rules and HTTP policies, target groups, and health checks in the selected project; enabling and disabling load balancer logging in the selected project

iam.admin

User with access to manage users but without access to services and billing. Cannot manage their own account: change permissions, manage notifications, or delete the user. The first user with the iam.admin role is created by the Account Owner.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	Manage users, service users, user groups with access to cloud load balancers, as well as managing federations

iam.viewer

User with access to view everything that iam.admin manages.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	View users, service users, user groups, and federations; viewing user keys; viewing notifications of other users; viewing account access restrictions

reader

User with access to view everything that member manages in the same access scope.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	In the Account access scope: view the list of all balancer objects and their information across all projects: load balancers, rules and HTTP policies, target groups and servers within them, and health checks
Available operations with cloud load balancers	In the Project access scope: view the list of all balancer objects and their information in the selected project: load balancers, rules and HTTP policies, target groups and servers within them, and health checks

vpc.admin

User with access to manage cloud platform networks (private networks and subnets, public subnets and public IP addresses, cloud routers), cloud firewalls, security groups, and cloud load balancers.

Assigning ports to a cloud server is not available.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	In the Account access scope: view the list of all balancer objects and their information across all projects: load balancers, rules and HTTP policies, target groups and servers within them, and health checks; viewing load balancer statistics across all projects; managing load balancers, rules and HTTP policies, target groups, and health checks across all projects; enabling and disabling load balancer logging across all projects
Available operations with cloud load balancers	In the Project access scope: view the list of all balancer objects and their information in the selected project: load balancers, rules and HTTP policies, target groups and servers within them, and health checks; viewing load balancer statistics in the selected project; managing load balancers, rules and HTTP policies, target groups, and health checks in the selected project; enabling and disabling load balancer logging in the selected project

vpc.viewer

User with access to view everything that vpc.admin manages in the same access scope.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	In the Account access scope: view the list of all balancer objects and their information across all projects: load balancers, rules and HTTP policies, target groups and servers within them, and health checks
Available operations with cloud load balancers	In the Project access scope: view the list of all balancer objects and their information in the selected project: load balancers, rules and HTTP policies, target groups and servers within them, and health checks

vpc.load_balancer.admin

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	In the Account access scope: view the list of all balancer objects and their information across all projects: load balancers, rules and HTTP policies, target groups and servers within them, and health checks; viewing load balancer statistics across all projects; managing load balancer objects (except for creating a load balancer) across all projects. Creating a load balancer additionally requires one or more extra roles. These roles depend on the network where the balancer will be created: `vpc.admin` to create a load balancer in any subnet; `vpc.private_network.admin` to create a load balancer in a private subnet; `vpc.external_access.admin` to create a load balancer in a public subnet; a combination of `vpc.private_network.admin` and `vpc.external_access.admin` roles to create a load balancer in a private subnet with a public IP address; enabling and disabling load balancer logging across all projects
Available operations with cloud load balancers	In the Project access scope: view the list of all balancer objects and their information in the selected project: load balancers, rules and HTTP policies, target groups and servers within them, and health checks; viewing load balancer statistics in the selected project; managing load balancer objects (except for creating a load balancer) in the selected project. Creating a load balancer additionally requires one or more extra roles. These roles depend on the network where the balancer will be created: `vpc.admin` to create a load balancer in any subnet; `vpc.private_network.admin` to create a load balancer in a private subnet; `vpc.external_access.admin` to create a load balancer in a public subnet; a combination of `vpc.private_network.admin` and `vpc.external_access.admin` roles to create a load balancer in a private subnet with a public IP address; enabling and disabling load balancer logging in the selected project

vpc.load_balancer.viewer

User with access to view everything that vpc.load_balancer.admin manages in the same access scope.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with cloud load balancers	In the Account access scope: view the list of all balancer objects and their information across all projects: load balancers, rules and HTTP policies, target groups and servers within them, and health checks
Available operations with cloud load balancers	In the Project access scope: view the list of all balancer objects and their information in the selected project: load balancers, rules and HTTP policies, target groups and servers within them, and health checks