Manage access to File Storage

Last update: June 04 2026

Access to File Storage is governed by a role model that defines access within an account and project. Read more in the Access Control in Selectel Products manual.

member

User with full access to all services. Does not have access to manage: users, service users, user groups, and federations.

Access scopes	account; project
Who can be assigned	for users; service users; user groups
Available operations with File Storage	In the Account access scope: view the list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view access rules for file storages; create and manage file storages; create and manage file storage networks; create and manage access rules
	In the Project access scope: view the list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view access rules for file storages; create and manage file storages; create and manage file storage networks; create and manage access rules

reader

User with access to view everything that member manages in the same access scope.

Access scopes	account; project
Who can be assigned	for users; service users; user groups
Available operations with File Storage	In the Account access scope: view the list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view access rules for file storages
	In the Project access scope: view the list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view access rules for file storages

billing

User with access to billing management and no access to service management.

Access scopes	Account
Who can be assigned	for users; service users; user groups
Available operations with File Storage	billing management

iam.admin

User with access to manage users and no access to services or billing. Cannot manage their own account: change permissions, manage notifications, or delete a user. The first user with the iam.admin role is created by the Account Owner.

Access scopes	Account
Who can be assigned	for users; service users; user groups
Available operations with File Storage	manage users, service users, user groups with access to file storage; manage federations

iam.viewer

User with access to view everything managed by iam.admin.

Access scopes	Account
Who can be assigned	for users; for service users; for user groups
Available operations with file storage	view users, service users, user groups and federations; viewing user keys; viewing notifications of other users; viewing account access restrictions

filestorage.admin

User with file storage management access. Does not have access to other products.

Access scopes	account; project
Who can be assigned	for users; for service users; for user groups
Available operations with file storage	In the Account access scope: view a list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view file storage access rules; create and manage file storages *; create and manage access rules
	In the Project access scope: view a list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view file storage access rules; create and manage file storages *; create and manage access rules

* In addition to the filestorage.admin role, the user must have a role with access to manage cloud platform networks to connect a file storage network.

filestorage.viewer

User with access to view file storages. Does not have access to other products.

Access scopes	account; project
Who can be assigned	for users; for service users; for user groups
Available operations with file storage	In the Account access scope: view a list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view file storage access rules
	In the Project access scope: view a list of all file storages and their details: name, size, storage type and protocol, IP and network name, status; view file storage access rules