Types and roles of users
User access rights are delimited through:
- user types user types, which determine where the account will be used — in the control panel or for authorized access via APIs and automation tools;
- roles that define the accesses within each user type.
Add и edit users can only be added and edited by users with the Account Owner or User Administrator role.
You can also add users to groups to manage multiple users as one.
User types and roles are temporarily unsupported in the following product and service groups:
- VMware-based cloud: VMware-based public cloud, disaster recovery to VMware-based cloud, and others;
- network services (except CDN and DNS);
- additional services: monitoring and others.
In object storage, a user's access to a container can be changed according to an access policy, see the Manage Object Storage Access instructions for details.
You can work with users and roles in the control panel, using the IAM API or Terraform.
Types of users
The user type is specified when the user is added and cannot be changed:
- control panel user — a user with an account in the control panel, who registers in the control panel and undergoes two-step authentication via email and phone number during authorization . Can issue a static token (X-Token) to himself/herself for full access to Selectel products API;
- service user — a user with an account for program access via Selectel product API and other automation tools. Has only a login and password. Does not have access to the control panel;
- federated user — a control panel user who belongs to one of the federations and authenticates through SSO. It does not pass two-step authentication. The user is added already registered — he only needs to enter his full name at the first login. Email is mandatory. Does not have access to API.
For more information about authenticating different types of users in the API, see the API Documentation API Request Authentication instructions.
Raleigh
Depending on the type of user, one or more roles can be assigned to the user.
A role can be assigned to an individual user or a group of users.
Role comparison
Account
Billing
Services
Projects
Access keys
Tickets