Types and roles of users

User access rights are delimited through:

  • user types which determine where the account will be used — in the control panel or for authorized access via APIs and automation tools;
  • roles, which define access within each user type.

Only users with the Account Owner or User Administrator role are allowed to add and edit users.

You can also add users to groups to manage multiple users as a single user.

User types and roles are temporarily unsupported in the following product and service groups:

  • VMware-based cloud: VMware-based public cloud, disaster recovery to VMware-based cloud, and others;
  • network services (except CDN and DNS);
  • additional services: monitoring and others.

In object storage, user access to a container can be changed by the access policy; for details, see the instructions in Manage access to object storage.

You can work with users and roles in the control panel, through the IAM API, or with Terraform.

Types of users

The user type is specified when the user is added and cannot be changed:

  • control panel user — a user with an account in the control panel who logs in to the control panel using two-step authentication through email and a phone number. Can issue themselves a Selectel token (API key) for full access to Selectel product APIs;
  • service user — a user with an account for programmatic access via Selectel product APIs and other automation tools. Has only a login and password. Does not have access to control panels;
  • federated user — a user of the control panel who belongs to one of the federations and authenticates through SSO. Does not pass two-step authentication. The user is added as already registered and only needs to enter their full name at the first login. Email is mandatory. Does not have access to the API.

For more about how users of different types are authorized in the API, see the Authorization instructions in the API documentation.

Roles

Depending on the user type, a user can be assigned one or more roles.

A role can be assigned individually to a user or to a user group.

Role | Description | Control panel user | Service user | Federated user
Account Owner | The user who registered the account. You cannot change the role of the Account Owner or assign this role to another user. The Account Owner can only be changed by registering a new account
Account Administrator | User with access to account, service and billing management
Billing Administrator | User with access to billing management and without access to service management
User Administrator | User with access to user management and without access to services and billing. The first User Administrator is created by the Account Owner
Project Administrator | User with access to infrastructure project management and without access to billing, other projects and products
Account Supervisor | User with access to view all services, billing and account data and no management access. The Account Supervisor can view everything that the Account Administrator manages
Project Viewer | User with access to view the infrastructure projects and tickets and no management access
Object Storage Administrator | User with full access to manage object storage within the project. Does not have access to other products. More details in the Manage access to object storage instructions
Object Storage User | User with access to object storage containers that have an access policy configured to allow this user access; see the Manage access to object storage instructions for details. Does not have access to other products. The degree of access and the allowed actions on objects depend on the access policy settings
Subscriber | User without access to the control panel, with no login and password. When adding a Subscriber, only an email address is specified. The Subscriber can only receive notifications from the Accounting Documents and Balance and Payments categories. Notifications are configured by the Account Owner or User Administrator | (without access to the panel)

Role comparison

Account Owner | Account Administrator | Billing Administrator | User Administrator | Project Administrator | Account Supervisor | Project Viewer | Object Storage Administrator | Object Storage User | Subscriber
Two-factor authentication
Viewing the authorization log (only their own) (only their own) (only their own) (only their own) (only their own) (only their own)
Resetting your sessions
Managing users, user groups and federations
Receiving notifications (Accounting Documents and Balance Sheet and Payments categories only)
Notification management (other users only) (other users only)
Connect notifications in Telegram
Access restriction