Types and roles of users
User access rights are delimited through:
- user types which determine where the account will be used — in the control panel or for authorized access via APIs and automation tools;
- roles that define accesses within each type of user.
add and edit Only users with the role of Account Owner or User Administrator are allowed to create users.
You can also add users to groups To manage multiple users as a single user.
User types and roles are temporarily unsupported in the following product and service groups:
- VMware-based cloud: VMware-based public cloud, disaster recovery to VMware-based cloud, and others;
- network services (except CDN and DNS);
- additional services: monitoring and others.
In object storage, user access to a container can be changed according to the access policy, see the instructions for more details Manage access to object storage.
You can work with users and roles in the control panels with the help of IAM API or Terraform.
Types of users
The user type is specified when user addition and cannot be changed:
- control panel user — a user with an account in the control panel who logged into the control panel and the authorization goes through two-step authentication through the mail and a phone number. He can write himself a prescription Selectel token (API key) for full access to Selectel product APIs;
- service user — a user with an account for program access via Selectel Product API and other automation tools. Has only a login and password. Does not have access to control panels;
- federated user — a user of the control panel who belongs to one of the federations and authenticates through SSO. Does not pass two-step authentication. The user is added already registered — he only needs to enter his full name at the first login. Email is mandatory. Does not have access to API.
Read more about authorization of users of different types in the API in the instructions Authorization API documentation.
Raleigh
Depending on user type it can be assigned one or more roles.
A role can be assigned individually to a user or to a user group.
Role comparison
Account
Billing
Services
Projects
Access keys
Tickets