Types of users
User types are used to access resources and account settings:
- Account owner — the main user, created automatically when registering an account;
- users — are invited by the Account Owner and have limited access to the control panel;
- service users — are added by the Account Owner and used for program access via API.
For more information about authenticating different types of users in the API, see the API Documentation API Request Authentication instructions.
Account owner
The primary user who registered the account. Has access to everything in the account.
The account owner has exclusive permissions that cannot be assigned to other users:
- account deletion;
- change of company details;
- audit-log review;
- view the authorization log of all users.
You cannot assign another user as Account Owner or change their permissions, you can only change their profile information.
Users
Have access to the control panel, they are invited to the account by the Account Owner or a user with the role of iam_admin.
Users can authenticate to the control panel in two ways:
- by e-mail and password created in the control panel. Two-step authentication via email and phone number. Can issue themselves a static token (X-Token) for full access to the Selectel product API;
- on the SSO on the credentialing vendor side, if they belong to one of the federations. Do not go through two-step authentication. User is added already registered — they only need to enter their full name at the first login. Email is mandatory. Does not have access to the API.
Service users
User with an account for program access via Selectel product APIs and other automation tools. Does not have access to the control panel, has only login and password.
Account owner or users with the role iam_admin can add service users and issue them access keys — SSH-, S3- andADB-keys.