Role Directory

A role is a set of authorized operations on specific types of resources.

Roles are assigned within permissions. A role applies to the access area specified in the permission. For more details, refer to the Access Control in Selectel Products manual.

Some roles may only be assigned to a specific access area, and may have a different set of managed resources in different access areas.

member

User with full access to all services. Access control management is unavailable: users, service users, user groups, federations.

Access areas
  • Account;
  • Project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations

In the Account access area:

  • management of projects, their limits and quotas;
  • billing management;
  • resource management across all projects;
  • management of resources outside of projects;
  • working with audit logs.

In the Project access area:

  • management of the resources of the selected project.

billing

User with access to billing management and without access to service management.

Access areas
  • Account
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations
  • billing management:
    • replenishment of balance and transfer of funds between balances;
    • management of auto-account, monthly payments, payment deferrals;
    • balance notification management;
    • bank card management;
    • viewing of reporting documents;
    • managing the affiliate program and withdrawal of funds;
  • view connected services and service statuses.

iam_admin

User with access to user management and without access to services and billing. Cannot manage their own account: change permissions, manage notifications, delete the user. The first user with the iam_admin role is created by the Account Owner.

Access areas
  • Account
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations

reader

User with access to view everything that the member role manages in the same access area.

Access areas
  • Account;
  • Project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations

In the Account access area:

  • view resources in all projects, as well as resources that are not attached to a project;
  • view the settings of all projects, their limits and quotas;
  • view billing data (balance, bank cards, reporting documents, affiliate program, etc.).

In the Project access area:

  • view the resources of the selected project.

object_storage:admin

User with full access to S3 management within the project. Does not have access to S3 in other projects or to other products in the same project. For more information, see the Manage access to S3 instructions.

Access areas
  • Project
Who can be assigned
  • service users
Available operations
  • viewing the list of buckets in the project;
  • viewing the contents of the buckets;
  • management of objects in the bucket (loading, modification, deletion, etc.);
  • changing the settings of the buckets;
  • configuring the bucket access policy.

object_storage_user

User with access to S3 buckets, provided an access policy is configured that allows this user to access the buckets. For details, see the Manage Access in S3 instructions. The degree of access is determined by the access policy settings. Does not have access to S3 in other projects or to other products in the same project.

Differs from a user with the s3.bucket.user role only in having access to view the list of buckets in the project.

Access areas
  • Project
Who can be assigned
  • service users
Available operations
  • viewing the list of buckets in the project;
  • operations in the buckets that are allowed by the access policy.

s3.bucket.user

User with access to S3 buckets, provided an access policy is configured that allows this user to access the buckets. For details, see the Manage Access in S3 instructions. The degree of access is determined by the access policy settings. Does not have access to S3 in other projects or to other products in the same project.

Differs from a user with the object_storage_user role only in not having access to view the list of buckets in the project.

Access areas
  • Project
Who can be assigned
  • service users
Available operations
  • operations in the bucket that are allowed by the bucket policy.

global_router.admin

User with access to manage global routers in the account. Does not have access to other products. For more information, see Manage global router management access.

Access areas
  • Account
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations
  • viewing the list of global routers, the networks and subnets connected to them, and the list of static routes on the router;
  • creating, modifying, and deleting global routers;
  • adding, modifying, and deleting static routes on a global router;
  • changing the names of the networks and subnets connected to the global router.

Other operations on global router networks additionally require the member role (Project or Account access area):

  • connecting an existing or new cloud platform network and subnet to a global router;
  • connecting an existing or new dedicated server network and subnet to a global router;
  • removing a cloud platform network or subnet from the global router network, including removing the cloud platform network or subnet itself;
  • removing a dedicated server network or subnet from the global router network.

global_router.viewer

User with access to view global routers and their networks. Does not have access to other products. For more information, see Manage access to a global router.

Access areas
  • Account
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations
  • viewing the list of global routers, the networks and subnets connected to them, and the list of static routes on the router.

mobile_farm.admin

User with full access to mobile farm management in their project. Does not have access to the mobile farm in other projects or to other products in their project. For more information, see the Manage access to the mobile farm instructions.

Access areas
  • Project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations
  • viewing mobile farm consumption;
  • adding and removing mobile farm devices;
  • use of mobile farm devices;
  • changing the mobile farm tariff;
  • adding ADB keys to your profile.

mobile_farm.user

User with access to use mobile farm devices in their project. Does not have access to the mobile farm in other projects or to other products in their project. For more information, see the Manage access to the mobile farm instructions.

Access areas
  • Project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations
  • viewing mobile farm consumption;
  • use of mobile farm devices;
  • adding ADB keys to your profile.

mobile_farm.viewer

User with access to view devices and consumption of the mobile farm in their project. Does not have access to the mobile farm in other projects or to other products in their project. For more information, see the Manage access to the mobile farm instructions.

Access areas
  • Project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations
  • viewing mobile farm consumption;
  • viewing mobile farm devices;
  • adding ADB keys to your profile.